Subject: Re: routing between internal networks on a firewall
To: None <netbsd-help@NetBSD.org>
From: Sigmund Skjelnes <skjelnes@robin.no>
List: netbsd-help
Date: 11/06/2006 18:00:33
I'm working on a very similar project, although I'm thinking of it as
setting up a router, but that's a definition issue, and man, that's
philosophy...

To ping a host B from host A, where A and B are each on their own network
connected by a router, A needs a route to B, and B needs a route to A.
Let's say A is 192.168.1.2, B is 192.168.2.2 and the router has
192.168.1.1 and 192.168.2.1; the following has to be done in addition
to the default routes (NetBSD syntax):

on A:
route add -net 192.168.2.0/24 192.168.1.1
on B:
route add -net 192.168.1.0/24 192.168.2.1

Have a look at the ipf setup; maybe it's blocking the ping packets. I'd
assume you are NOT using ipnat on the firewall.

I got my networks to work together (finally), but one of them
could not reach the outside world. The cause is that there is a missing
static route in the internet router, and I do not have the password for
it; the router belongs to the ISP.

Hope it helps,
Sigmund

Sun, 05.11.2006 at 17.56 -0500, James K. Lowden wrote:
> I can't seem to convince my firewall to route between internal networks.
>
> My Soekris box has two internal networks and one external. The internal
> ones are:
>
> 192.168.1/24 on sip0
> 192.168.2/24 on wi0
>
> I'd like to route between them, but hosts on the 2 network can't ping (or
> log into) any machine on the 1 network.
>
> Because the machine can route to each internal network, I assume it can
> forward packets between them. I haven't tried to set up any static routing
> rules. (net.inet.ip.forwarding = 1)
>
> There is an ipnat rule that I wonder if it needs adjustment?
>
> map sip2 192.168.2.0/24 -> 216.254.83.209/32
>
> (sip2 is the external network.)
>
> I'm also still running ipf. The rules are mostly about blocking incoming
> stuff. Is there something I need to permit?
>
> Many thanks for your interest and help.
>
> --jkl
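
The two-way routing requirement described in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup over constructed routing tables shows that the echo request and the echo reply each need a usable route. It assumes each host's default route points at a hypothetical other gateway (.254) and ignores ipf filtering.

```python
import ipaddress

ROUTER_ADDRS = {"192.168.1.1", "192.168.2.1"}   # router interfaces from the reply
ROUTER = [("192.168.1.0/24", None), ("192.168.2.0/24", None)]  # both directly attached

def next_hop(routes, dst):
    """Longest-prefix match. Returns 'direct', a gateway address, or None (no route)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway or "direct")
    return best[1] if best else None

def one_way(src_routes, dst):
    """True if a packet from a host with src_routes reaches dst, directly or via the router."""
    hop = next_hop(src_routes, dst)
    if hop == "direct":
        return True
    if hop in ROUTER_ADDRS:
        return next_hop(ROUTER, dst) == "direct"
    return False          # no route, or handed to a gateway that cannot reach dst

def ping_ok(a_routes, a_addr, b_routes, b_addr):
    """Echo request must reach B and the echo reply must find its way back to A."""
    return one_way(a_routes, b_addr) and one_way(b_routes, a_addr)

# Constructed host tables. Assumption: each host's default route points at a
# different (hypothetical) gateway, .254, which knows nothing about the other LAN.
A_BASE = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.254")]
B_BASE = [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.254")]
A_FIXED = A_BASE + [("192.168.2.0/24", "192.168.1.1")]   # route add on A
B_FIXED = B_BASE + [("192.168.1.0/24", "192.168.2.1")]   # route add on B

if __name__ == "__main__":
    for label, a, b in [("no static routes", A_BASE, B_BASE),
                        ("route on A only", A_FIXED, B_BASE),
                        ("routes on A and B", A_FIXED, B_FIXED)]:
        print(label, "->", ping_ok(a, "192.168.1.2", b, "192.168.2.2"))
```

With the route on A only, the request arrives at B but the reply leaves through B's default gateway, so the ping still fails.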