14th June 2013
jggimi

Hello, and welcome!
  1. The vether(4) driver was developed to solve a unique problem for one particular facility that required BGP peering. I believe it to be a needless complexity for your situation.
  2. I don't think you need anything more than a default route, which I explain below. I agree with thirdm that you may not have turned on packet forwarding, which is required to route packets between networks. You might also have tangled yourself up in a PF configuration that appears to have been originally copied/pasted from others. I especially like the comment "# use with care" embedded therein.
To route IP packets, all that a computer needs is the address of the next gateway. For a single subnet with only one router, such as in a residence or small business, every device on the subnet only needs to know the address of that single gateway router. The default route is the address of the router to use when there are no specific routes defined. For example, if I have a single network at 10.0.0/24 and a single router on that subnet at 10.0.0.1, I configure all the devices on that subnet with a default route of 10.0.0.1. Each computer's network stack will route anything destined for other subnets through that default route.

In your case, you have three subnets: 192.168.0/24 on fxp0, 192.168.1/24 on athn0, and whatever Internet subnet is used for pppoe0, for egress.

All three subnets share the same router, with three IP addresses: 192.168.0.1, 192.168.1.1, and your Internet address. Each subnet can reach anywhere: to/from the Internet, or the other local subnet, by routing through this single router. The 192.168.0 devices need a default route of 192.168.0.1, and the 192.168.1 devices need a default route of 192.168.1.1.

Additional routes would only be needed if you had additional routers. You don't.

Let's pretend for a moment that you had a different architecture, one with multiple routers, such as:

{Internet} - [Firewall A] - {DMZ servers} - [Firewall B] - {everything else}

The DMZ server subnet has two routers. Those servers need two routes: a default route through Firewall A to the Internet, and a specific route through Firewall B to that inner subnet. Firewall A also needs two routes -- a default route through the ISP, and a specific route to the inner subnet.

Without adding a specific (sometimes called static) route, those packets would be shipped to the default route, which would be to the wrong router.

---

I hope this helps.

Last edited by jggimi; 14th June 2013 at 04:59 PM. Reason: typo, clarity
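An added example, not part of jggimi's post, that models the two-router DMZ layout he describes with a longest-prefix-match lookup: with only a default route, a DMZ server sends inner-subnet traffic to Firewall A; adding the specific (static) route sends it to Firewall B. All subnet numbers and router addresses below are constructed for illustration.

```python
# Added example: longest-prefix-match lookup over a small routing table,
# modelling the post's {Internet} - [Firewall A] - {DMZ} - [Firewall B] - {inner} layout.
# Addresses are constructed (documentation ranges), not from any real network.
from ipaddress import ip_address, ip_network

def lookup(routes, dst):
    """Return the gateway for dst using longest-prefix match.

    routes: list of (prefix, gateway) strings; "0.0.0.0/0" is the default route.
    Returns None when nothing matches (no default route configured).
    """
    addr = ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ip_network(prefix)
        # A more specific prefix (larger prefixlen) always wins over the default.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

# Constructed addressing for the post's diagram:
#   DMZ subnet 192.0.2.0/24, Firewall A at .1, Firewall B at .2, inner subnet 10.0.0.0/24
FIREWALL_A_DMZ = "192.0.2.1"
FIREWALL_B_DMZ = "192.0.2.2"
DMZ_NET = "192.0.2.0/24"
INNER_NET = "10.0.0.0/24"

# A DMZ server with only its connected subnet and a default route: traffic for
# the inner subnet is shipped to Firewall A, the wrong router.
DMZ_DEFAULT_ONLY = [(DMZ_NET, "direct"), ("0.0.0.0/0", FIREWALL_A_DMZ)]

# The same server with the specific route the post calls for. On OpenBSD this is
# what `route add -net 10.0.0.0/24 192.0.2.2` installs (addresses constructed).
DMZ_WITH_STATIC = DMZ_DEFAULT_ONLY + [(INNER_NET, FIREWALL_B_DMZ)]

def next_hop_table(routes, destinations):
    """Map each destination address to the gateway the table would choose."""
    return {d: lookup(routes, d) for d in destinations}

if __name__ == "__main__":
    probes = ["203.0.113.9", "10.0.0.25", "192.0.2.7"]
    for name, table in (("default only", DMZ_DEFAULT_ONLY), ("with static", DMZ_WITH_STATIC)):
        print(name, next_hop_table(table, probes))
```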