IP Networking

FreeBSD 4.8, Apache 1.3.27 - two NICs, one with a real-world IP plugged into a switch outside the PIX firewall, the other with a private IP plugged into a switch inside the PIX firewall. Apache listens on both IPs. my domain is mydomain.org.

so in /etc/rc.conf i have something like this (these real-world IPs are not really real, just a spammer's IP borrowed for illustration):

#rc.conf
#
defaultrouter "68.208.213.123"
ifconfig_de0="inet 68.208.213.123 netmask 255.255.255.0"
ifconfig_de1="inet 10.10.10.45 netmask 255.255.0.0"

my ISP runs nameservers which point the outside world to mydomain.org at the real-world IP. i run a local nameserver which points users inside our firewall to the private IP. works great....on my LAN. outside my LAN (still behind the PIX) the users can't see/ping the private address.

question: is there a way to specify a different default gateway for each of the NICs? i did not see anything which would allow that in the man pages for ifconfig(8) or rc.conf(5).

hello,

which side of the bsd router your LAN cant see?
RTO or unreachable?

try netstat -rn to see the route for the BSD

cheers

It's not my LAN that can't see something. It's the LANs connected to me that can't see the BSD machine at the private address. I'm connected to these other LANs via older Cisco routers talking over T1s. Our ISP's Cisco guy said that the problem was probably the default gateway for the BSD machine at the private address. In rc.conf, sure enough, I don't have a default gateway for the machine's "inside-the-firewall" NIC. I only have a default gateway for the "outside-the-firewall" NIC. How do I set two default gateways, one for each address class I'm using?

yes - i know that not your internal LAN cant see something,
but your intranet LAN cant see it right

post the route with netstat -rn,
yes - you can create as many route as you want with NIC(s)

cheers

here's the netstat output. the default routers (ciscos) are in bold.
in my original post i said the gateway for the outside was 68.208.213.123
it should have been 68.208.213.1

Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 68.208.213.1 UGSc 36 27262 de0
10.10/16 link#2 UC 4 0 de1
10.10.10.1 00:e0:b0:63:da:e0 UHLW 0 2 de1 1196
10.10.10.18 00:04:75:83:e7:8c UHLW 0 1 de1 1046
10.10.10.19 00:c0:f0:32:02:40 UHLW 0 10 de1 831
10.10.10.45 00:c0:f0:31:55:b0 UHLW 0 54194 lo0
127.0.0.1 127.0.0.1 UH 0 2546 lo0
68.208.0/16 link#1 UC 13 0 de0
68.208.213.1 00:00:0c:75:dc:91 UHLW 37 0 de0 907
68.208.213.19 00:04:27:46:43:ea UHLW 0 2074 de0 68
68.208.213.152 00:04:27:46:43:ea UHLW 0 332 de0
68.208.213.221 00:04:27:46:43:ea UHLW 2 222693 de0 729
68.208.214.8 00:00:0c:75:dc:91 UHLW 4 667918 de0 713
68.208.214.16 00:00:0c:75:dc:91 UHLW 0 7 de0 625
68.208.214.51 00:00:0c:75:dc:91 UHLW 0 7 de0 792
68.208.214.54 00:00:0c:75:dc:91 UHLW 0 7 de0 61
68.208.214.57 00:00:0c:75:dc:91 UHLW 0 7 de0 653
68.208.214.60 00:00:0c:75:dc:91 UHLW 0 140 de0 912
68.208.214.116 00:00:0c:75:dc:91 UHLW 0 411 de0 387
68.208.214.182 00:00:0c:75:dc:91 UHLW 0 146 de0
68.208.214.254 00:00:0c:75:dc:91 UHLW 0 508 de0 1090

hello,

and which LAN cant see your router?
have you try with pings/traceroute?
and what i the output? RTo or net unreachable?

cheers

there's several networks connected to mine that can't see the FreeBSD server. for example, 10.1.1.0, 10.7.1.0, and others. They RTo on trying to ping the 10.10.10.45 address, the address on the second NIC in the FreeBSD machine. on my network (10.10.10.0) i can ping the IP and in fact pull up the webpage from Apache - no problem.

it's as if the router (10.10.10.1) isn't picking up the address as being on its network. would that be the case if the NIC doesn't have a default gateway?