[afnog] PIX Configuration Issue
Brian Candler
B.Candler at pobox.com
Wed Jun 15 16:46:26 EAT 2005
On Wed, Jun 15, 2005 at 09:52:18AM +0300, Julius Kidubuka wrote:
> I have a rather baffling scenario on my hands. I am trying to set up a PIX
> firewall between my LAN and external (via a FreeBSD gateway).
>
>
> Below is my ASCII network diagram:
>
>
>   81.x.x.x/27            192.168.x.x/24             172.16.x.x/24
>
>          +--------+            +------+             +--------+
>          | Free   |            |Cisco |             | LAN    |  LAN PCs
> ---------| BSD    |------------|PIX   |-------------| Switch |--------
>          | G/W    |            |      |             |        |
>          +---+----+            +------+             +--------+
...
> I also had both networks (i.e. 172.16.x.x and 192.168.x.x) taken care of
> in the ipnat.rules on the FreeBSD gateway. With this setup, the PIX could
> reach the FreeBSD g/w, the LAN PCs could get to the PIX, but I couldn't get
> any communication between the LAN PCs and the FreeBSD g/w.
Did you remember to add a static route on the FreeBSD box for the 172.16
network via the PIX?
# route add -net 172.16.x.x/24 192.168.z.z
where 192.168.z.z is the PIX outside IP
Otherwise, whenever the FreeBSD box tries to send a packet to 172.16.x.x, it
will follow its default route to the outside world.
If you did remember that, then please give more accurate configurations of
the boxes, including "netstat -i" and "netstat -rn" on the Linux box, the
equivalents on the PIX, and preferably with IP addresses not obscured.
Regards,
Brian.
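As an added illustration (not part of the thread): a small Python model of the FreeBSD gateway's forwarding lookup, using placeholder addresses because the post obscures them, showing why a packet for 172.16.x.x follows the default route until the static route via the PIX outside address exists.

```python
import ipaddress

# Constructed placeholder addresses; the original post masks them with x/z.
PIX_OUTSIDE = "192.168.1.2"   # assumed PIX outside interface (192.168.z.z)
UPSTREAM_GW = "81.0.0.1"      # assumed next hop on the 81.x.x.x/27 link


def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs, as the kernel does.
    Returns the (network, next_hop) pair of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def next_hop(table, dst):
    """Convenience wrapper: the next hop chosen for dst, or None if unroutable."""
    match = lookup(table, dst)
    return match[1] if match else None


# FreeBSD routing table before the fix: connected networks plus the default.
BEFORE = [
    ("0.0.0.0/0", UPSTREAM_GW),      # default route to the outside world
    ("81.0.0.0/27", "link#1"),       # external interface (connected)
    ("192.168.1.0/24", "link#2"),    # PIX-facing interface (connected)
]

# After "route add -net 172.16.x.x/24 192.168.z.z" on the FreeBSD box.
AFTER = BEFORE + [("172.16.0.0/24", PIX_OUTSIDE)]


if __name__ == "__main__":
    lan_pc = "172.16.0.10"   # constructed LAN PC address behind the PIX
    print("before:", next_hop(BEFORE, lan_pc))   # upstream: reply leaks out
    print("after: ", next_hop(AFTER, lan_pc))    # PIX outside: reply reaches LAN
```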