Old 17th September 2011
badguy
Fdisk Soldier
Join Date: Jul 2009
Location: MD, USA
Posts: 59

It looks like your netmasks. It does not appear to be routing, and it is probably not PF.
You, my friend, are very brilliant, sir.

Isn't networking fun? There are so many things to misconfigure.
Sure, once I get a good grip of this and I do less trial and error, I am moving to RIPD(8).

You need more than a default route only when there are at least two routers on a subnet. In those cases, a default route won't be sufficient. Here's a common example -- a tiered set of firewalls. The DMZ subnet here has two routers:

{internet} - [Firewall A] - DMZ Web servers 10.1.1/24 - [Firewall B] - DBs and Users 192.168.1/24

Systems on the DMZ have a default route of Firewall A, but they also need a route for the 192.168.1 subnet, pointing to Firewall B. With just a default route, they would point packets destined for the inner platforms through Firewall A, and that's the wrong direction.
Agreed, however I believe this is from the client perspective. What if Firewall A is a router that can forward packets and knows how to reach the 10.1.1/24 & 192.168.1/24 subnets? Will that change? After all, my gateway knows where to send that packet, so why should I bother?

Secondly, from the router perspective, if Firewall A has 2 NIC cards that go to both gateways, will there be a need for static routes?

In my scenario, for instance, my BSD router knows how to reach re0(em1) and ural0(em2), so there is no need for static routes on the router. If it had to reach a subnet that was not directly connected to it, it would then need a static route to that subnet. Also, the hosts on my wired and wireless subnets do not need static routes as long as they can reach their default gateway. Did I get this twisted up?
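The two-router DMZ layout quoted in the post above, worked through as a longest-prefix-match route lookup. This is an added example, not part of the original thread; the firewall addresses 10.1.1.1 and 10.1.1.254 and the destination hosts are assumptions made for illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, gateway) pairs."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in entries]

def next_hop(table, dst):
    """Return the gateway of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None  # no route to host
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Assumed DMZ-side addresses of the two routers (not given in the thread).
FW_A = "10.1.1.1"    # Firewall A: toward the internet
FW_B = "10.1.1.254"  # Firewall B: toward 192.168.1/24
LINK = "link"        # directly connected, no gateway needed

# A DMZ web server with only its connected subnet and a default route.
dmz_default_only = routes(("10.1.1.0/24", LINK), ("0.0.0.0/0", FW_A))

# The same host with the extra route for the inner subnet.
dmz_with_static = dmz_default_only + routes(("192.168.1.0/24", FW_B))

# Firewall B itself: both subnets are connected, so neither needs a
# static route; only traffic for everything else follows the default.
fw_b = routes(("10.1.1.0/24", LINK), ("192.168.1.0/24", LINK),
              ("0.0.0.0/0", FW_A))

def report():
    """Next hop per (table, destination) for the constructed cases."""
    cases = {
        "dmz default only -> 192.168.1.20": (dmz_default_only, "192.168.1.20"),
        "dmz with static  -> 192.168.1.20": (dmz_with_static, "192.168.1.20"),
        "dmz with static  -> 203.0.113.5": (dmz_with_static, "203.0.113.5"),
        "firewall B       -> 192.168.1.20": (fw_b, "192.168.1.20"),
    }
    return {name: next_hop(table, dst) for name, (table, dst) in cases.items()}

if __name__ == "__main__":
    for name, hop in report().items():
        print(f"{name}: {hop}")
```

With only the default route, the DMZ host hands inner-subnet traffic to Firewall A; the more specific /24 entry is what steers it to Firewall B.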