netbsd-help: Re: Routing across interfaces

Subject: Re: Routing across interfaces
To: Shane Mason <Shane_Mason@securecomputing.com>
From: Brian Buhrow <buhrow@cats.ucsc.edu>
List: netbsd-help
Date: 04/08/1998 13:06:45
	Is it possible you have ipfirewall included and it's got ip forwading
turned off by default?
-Brian

On Apr 8,  3:16pm, "Shane Mason" wrote:
} Subject: Re: Routing across interfaces
} The GATEWAY option in the kernel config sets the IPFORWARDING option in
} ip_input.c
} 
} Without the change you suggested, I looked at the net.inet.ip.forwarding
} value in the kernel, and the value was already set to 1.
} 
} Is there anything else I am missing?
} 
} If I am one side of the box, I can ping the opposing interface.  For
} example, if the NetBSD box had the following addresses
} 
} 192.168.0.1  nm 0xffffff00, and 192.168.1.1  nm 0xffffff00
} 
} and if I am connected to 192.168.0.1 with a crossover cable, I can ping
} 192.168.1.1.  I do a tcpdump during the ping, and the packets do not appear
} to be hitting the opposing interface, but the response is coming back.
} 
} Say I set up 192.168.1.5 with a route to 192.168.0.0 nm 0xffffff00.  Say
} the internal machine is 192.168.0.5, with a default route to 192.168.0.1.
} From 192.168.0.5, I can ping 192.168.0.1, and 192.168.1.1, but not
} 192.168.1.5
} From 192.168.1.5, I can ping 192.168.1.1, and 192.168.0.1, but not
} 192.168.0.5
} 
} I don't get it.  Can you help me?
} 
} Shane
} 
} Please reply directly to me, as this email address is not subscribed to
} this mailing list.  Thank you.
} 
} To:   Shane Mason/SECURE
} cc:   netbsd-help@netbsd.org
} Subject:  Re: Routing across interfaces
} 
} 
} 
} 
} On Wed, Apr 08, 1998 at 08:47:18AM -0400, Shane Mason wrote:
} [...]
} > option    GATEWAY
} > option    IPSENDREDIRECTS=0
} >
} [...]
} > The box will now route from subnet to subnet on a single interface, but
} not
} > from interface to interface.  Am I missing something?  Is there a user
} > space application that must be run?  I will be using static routes, so
} > routed shouldn't be needed.  Are there more things I need to add to the
} > kernel config?
} You also need to either
}      1) include the IPFORWARDING option in the kernel config file, or
}      2) do "sysctl -w net.inet.ip.forwarding=1" somewhere at startup
}         time (in /etc/rc.local, for example).
} - Frank
} 
} 
>-- End of excerpt from "Shane Mason"