Subject: Re: routing between internal networks on a firewall
To: None <netbsd-help@NetBSD.org>
From: James K. Lowden <jklowden@schemamania.org>
List: netbsd-help
Date: 11/08/2006 00:26:39
Sigmund Skjelnes wrote:
> Let's say A is 192.168.1.2, B is 192.168.2.2 and the router has
> 192.168.1.1 and 192.168.2.1, the following have to be done in addition
> to the default routes ( netbsd syntax ):
> on A:
> route add -net 192.168.2.0/24 192.168.1.1
>
> on B:
> route add -net 192.168.1.0/24 192.168.2.1

In my case that wasn't necessary. A and B each had the router as its
default gateway.

> Have a look on the ipf setup, maybe it's blocking the ping packages. I'd
> assume you are NOT using ipnat on the firewall.

I am in fact using ipnat, too, but only on the external interface.

Thank you for your help. Because of your message I tried something I
hadn't tried before. I had always tried going from 2 to 1, never from 1
to 2. When I tried 1 -> 2, it worked! (Having changed nothing.)

The problem turned out to be the netmask on the 2 client.

The router's interfaces are:

    192.168.1/24 on sip0
    192.168.2/24 on wi0

and I thought the wireless client was:

    192.168.2/24 on en1

but it was actually a /16 network. When I corrected that mistake, it
started working.

Regards,

--jkl
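
The netmask mistake described in this message, as an added example that is not part of the original post: with a /16 on the wireless client, 192.168.1.2 counts as on-link, so the client tries to deliver to it directly instead of handing the packet to the router. The host addresses are the ones from the quoted message (assumed here for the client in question), and the function names are hypothetical.

```python
import ipaddress

def next_hop(iface_cidr, default_gw, dst):
    """Return the address a host will try to reach at layer 2 when sending to dst."""
    iface = ipaddress.ip_interface(iface_cidr)
    dst = ipaddress.ip_address(dst)
    # Anything inside the interface's own network is treated as directly attached.
    if dst in iface.network:
        return dst
    # Everything else is handed to the default gateway.
    return ipaddress.ip_address(default_gw)

def mask_mismatches(router_ifaces, hosts):
    """List hosts whose prefix differs from the router interface on their segment."""
    problems = []
    for name, cidr in hosts.items():
        host = ipaddress.ip_interface(cidr)
        for rif, rcidr in router_ifaces.items():
            rnet = ipaddress.ip_interface(rcidr).network
            # Host sits on this router segment but disagrees about its size.
            if host.ip in rnet and host.network != rnet:
                problems.append((name, str(host.network), rif, str(rnet)))
    return problems

# Constructed sample data: router interfaces from the message, host addresses
# from the quoted text, with B carrying the mistaken /16.
ROUTER = {"sip0": "192.168.1.1/24", "wi0": "192.168.2.1/24"}
HOSTS = {"A": "192.168.1.2/24", "B": "192.168.2.2/16"}

if __name__ == "__main__":
    for prefix in ("16", "24"):
        hop = next_hop("192.168.2.2/" + prefix, "192.168.2.1", "192.168.1.2")
        print("B with /%s sends 192.168.1.2 traffic to %s" % (prefix, hop))
    for name, hostnet, rif, rnet in mask_mismatches(ROUTER, HOSTS):
        print("%s is configured as %s but %s is %s" % (name, hostnet, rif, rnet))
```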