4th July 2010
ocicat
Administrator
Join Date: Apr 2008
Posts: 3,319

Quote:
Originally Posted by sharris
I even believe FreeBSD 8.0 is either using an older version of PF...
I warned you of this upfront.
Quote:
...what detail-information (net-numbers) are we not supposed to post since this is more about network security?
Public addresses. Posting private RFC1918 addresses should be inconsequential.
Quote:
I do wonder why it starts with 10.0.10.2 and not 10.0.0.0 or 10.0.10.0.
The answer to this question comes from comprehending basic subnetting.

An address of 10.0.0.0 with no explicit subnet mask implies a /8 network with a subnet mask of 255.0.0.0. Given that any IPv4 address represents a network component & host component, 10.0.0.0 has no host bits set. This situation is known as the "subnet address" & should not be assigned to any specific host. Neither should a host be assigned the address where all host bits are set to one -- in this case 10.255.255.255 -- which is used as the broadcast address for the 10.0.0.0/8 subnet.
  • One of the reasons why this isn't allowed comes from the RIP version 1 routing protocol.
  • Other artifactual reasons can be found from studying the early RFCs.
One of the most referred to introductions to IPv4 subnetting is the following:

http://www.apnic.net/__data/assets/p...147/501302.pdf

Note that the formatting of this paper has problems with displaying exponents.

Another good introduction to subnetting is:

http://www.cisco.com/web/about/ac123...addresses.html
Quote:
Is there a strong working pf example for this type of LAN set-up?
"Strong working pf example" is a myth. Again, it appears you are wanting a canned solution which can be dropped into place without thought. If you continue playing in the Open Source world, you will find that doing lots of research & experimentation is the norm. Why? Because at some point, you will want to do something a little different, change something, & things will break. You will be the only one who can pick up the pieces, & doing so will require working knowledge of the fundamentals. By your own admission, you have only put in a week of trying to put together a network. Really understanding the fundamentals will take time. Lots of it, with a great deal of critical pondering.

And by the way, Hansteen discusses the fundamentals of what you need to focus on here in the beginning at the following:

http://home.nuug.no/~peter/pf/en/bas...tml#GWPITFALLS
Quote:
It takes an expert to come up with the combination of keywords...
The undercurrent in this statement is that the subject is too hard. It just takes time, patience, & tenacity. Developing a strong sense of curiosity & patience is required.
Quote:
Then you learn FreeBSD is not OpenBSD and all code doesn't work the same.
This actually is one of your best observations so far. You will need to post in the FreeBSD section asking where FreeBSD-types go for pf(4) information. I can tell you now that studying what information can be found in the FreeBSD Handbook is a very good start:

http://www.freebsd.org/doc/en_US.ISO...ewalls-pf.html
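The subnetting point made in the post above (network bits versus host bits, the all-zeros subnet address and the all-ones broadcast address) is easier to see with the arithmetic written out. The following is an added example, not code from the post or from any of the projects it links; it uses plain integer bit operations rather than the ipaddress module so the mask and host-bit handling stay visible. The function names and the RFC 1918 sample addresses are constructed for illustration.

```python
"""Added example: compute the subnet (network) address, broadcast address and
usable host range for an IPv4 address written as a.b.c.d/n, using integer
bit arithmetic so the network/host split is explicit.

Not part of the forum post; function names and sample addresses are
constructed for this illustration."""


def ip_to_int(addr: str) -> int:
    """Strictly parse dotted-quad text into a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    """Render a 32-bit integer as dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """Build the subnet mask for a /prefix, e.g. /8 -> 0xFF000000 (255.0.0.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Return network, broadcast, mask and usable host range for 'a.b.c.d/n'."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    addr = ip_to_int(addr_text)
    mask = prefix_to_mask(prefix)
    host_bits = ~mask & 0xFFFFFFFF

    network = addr & mask              # all host bits cleared: the subnet address
    broadcast = network | host_bits    # all host bits set: the broadcast address

    if prefix >= 31:
        # /31 (point-to-point, RFC 3021) and /32 have no reserved endpoints;
        # every address in the block is usable by a host.
        first_host, last_host = network, broadcast
        host_count = broadcast - network + 1
    else:
        first_host, last_host = network + 1, broadcast - 1
        host_count = (1 << (32 - prefix)) - 2

    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first_host),
        "last_host": int_to_ip(last_host),
        "host_count": host_count,
    }


def is_assignable(cidr: str) -> bool:
    """True if the address part of 'a.b.c.d/n' may be given to a host,
    i.e. it is neither the subnet address nor the broadcast address."""
    addr_text, _ = cidr.split("/")
    info = subnet_info(cidr)
    if info["host_count"] <= 2 and int(cidr.split("/")[1]) >= 31:
        return True
    return addr_text not in (info["network"], info["broadcast"])


if __name__ == "__main__":
    # Constructed sample: the 10.0.10.2 address from the thread, first as the
    # implied /8 and then as a /24, plus the two reserved endpoints of the /8.
    for sample in ("10.0.10.2/8", "10.0.10.2/24", "192.168.1.0/31"):
        print(sample, subnet_info(sample))
    for sample in ("10.0.0.0/8", "10.255.255.255/8", "10.0.10.2/8"):
        print(sample, "assignable" if is_assignable(sample) else "reserved")
```

Running it shows why 10.0.10.2 is a legitimate host address inside 10.0.0.0/8 while 10.0.0.0 and 10.255.255.255 are not: the first has at least one host bit set and at least one clear, the other two are the all-zeros and all-ones host patterns the post describes. The /31 branch is the one modern exception to that rule and is worth keeping in mind when reading older material.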