Well, this isn't a BSD list, but I'll reply anyway in the hopes this may
help others as well. :)

On Wed, Nov 15, 2000 at 09:33:44AM -0600, jeffr at odeon.net wrote:
> 
> 	The problems I'm having are as follows:
> 
> 	OpenBSD sees the PCI card first, and insists on using that card
> 	as the connection to the router.  If I set up the routing tables
> 	manually I can probably get around that, but it seems to be a bit
> 	of a pain.  Anyway, as the order of the cards really doesn't
> 	matter for my application I decided to just use the order OpenBSD
> 	seems to favor.  If I can track down another one of those ISA
> 	cards I'll just replace the PCI card with a 10 Mbit card and not
> 	worry about it.
> 
> 	Now my next problem, just to test, I set up a very relaxed set
> 	of IP filtering rules (basically pass everything from any port
> 	to any other port).  Machines in the DMZ can ping the port they
> 	are connected to, and they can even ping the protected LAN port,
> 	but they can't reach the PCI card to get out to the rest of the
> 	world.  I figure I've still got a problem with the routing tables.

No, nothing to do with your routing tables, AFAIK.  If you want any traffic
to get routed to your "live" NIC, you need to set up NAT to send the traffic
over to that NIC.  Just like you set up NAT to route from your 10.0.0.0
network to your live NIC, you'll need to set up NAT to route your DMZ
traffic to your live NIC.  I haven't done this personally, but it seems
this would be the only way to do it.

> 
> 	Anyway, does anyone know of a good resource for configuring
> 	routing on xBSD?  The theory is the same as for linux, but the
> 	syntax is different enough that I'm getting confused.

rtfm route

> 
> 	I did pick up "Building Linux and OpenBSD Firewalls" (I forget
> 	the publisher/author, the book isn't in front of me), and it's
> 	been very helpful.  Sadly though, it just barely touches on
> 	routing, and indicates that the dynamic routing should be just
> 	fine.  It also covers OpenBSD 2.5 rather than 2.7.

Yes, it's an amazing book.  I believe they have an example with a network
that is much like yours.  Did you look at that?

Gabe
-- 
--------------------------------------------------------------------------------
Gabe Turner				       |  	   X-President,
UNIX Systems Administrator,		       | Assoc. for Computing Machinery
U of M Supercomputing Institute for	       |    University of Minnesohta
Digital Simulation and Advanced Computation    |       dopp at acm.cs.umn.edu

"Of all the systems of religion that ever were invented, there is no more 
 derogatory to the Almighty, more unedifying to man, more repugnant to reason,
 and more contradictory to itself than this thing called Christianity." 
							     - Thomas Paine
-------------------------------------------------------------------------------