FreeBSD 4.8, Apache 1.3.27 - two NICs, one with a real-world IP plugged into a switch outside the PIX firewall, the other with a private IP plugged into a switch inside the PIX firewall. Apache listens on both IPs. My domain is mydomain.org.
So in /etc/rc.conf I have something like this (these real-world IPs are not really real, just a spammer's IP borrowed for illustration):
My ISP runs nameservers which point the outside world to mydomain.org at the real-world IP. I run a local nameserver which points users inside our firewall to the private IP. Works great... on my LAN. Outside my LAN (still behind the PIX) the users can't see/ping the private address.
Question: is there a way to specify a different default gateway for each of the NICs? I did not see anything which would allow that in the man pages for ifconfig(8) or rc.conf(5).
It's not my LAN that can't see something. It's the LANs connected to me that can't see the BSD machine at the private address. I'm connected to these other LANs via older Cisco routers talking over T1s. Our ISP's Cisco guy said that the problem was probably the default gateway for the BSD machine at the private address. In rc.conf, sure enough, I don't have a default gateway for the machine's "inside-the-firewall" NIC. I only have a default gateway for the "outside-the-firewall" NIC. How do I set two default gateways, one for each address class I'm using?
Here's the netstat output. The default routers (Ciscos) are in bold.
In my original post I said the gateway for the outside was 68.208.213.123.
It should have been 68.208.213.1.
There are several networks connected to mine that can't see the FreeBSD server, for example 10.1.1.0, 10.7.1.0, and others. They RTO when trying to ping the 10.10.10.45 address, the address on the second NIC in the FreeBSD machine. On my network (10.10.10.0) I can ping the IP and in fact pull up the webpage from Apache, no problem.
It's as if the router (10.10.10.1) isn't picking up the address as being on its network. Would that be the case if the NIC doesn't have a default gateway?
The RTO means that your 10.1.x.x and 10.7.x.x networks can reach your DNS, but they can't receive the reply because (look carefully at your post) your DNS server doesn't have the route to reach your 10.1.x.x/10.7.x.x networks.
You specify /16; that means, from the posted route, the 10.1.x.x/10.7.x.x networks weren't included in the route.
> ...server doesn't have the route to reach your 10.1.x.x/10.7.x.x networks.
Yes, that's right. And that is exactly what I was asking for in my original post... On the second NIC in the FreeBSD machine, I need to set a default gateway to 10.10.10.1. However, the rc.conf file only seems to allow me to set one default router, and that config entry currently sets the default route for the first NIC. How do I set a default route for the second NIC in the rc.conf file?
You don't create a default route.
(Google around to understand default route usage.)
Just create the same route command for the 10.1.x.x/10.7.x.x networks on the DNS server.
Okay, thanks. I'll do that. I just thought that I could set it up through rc.conf, or at least through ifconfig args in rc.conf. Apparently not. Thanks for your help.
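The static routes the last reply recommends, written out as an added example that is not part of the thread: a host has exactly one default route, so the fix is not a second default gateway but specific routes for the remote LANs via the inside router. FreeBSD's rc.conf(5) does carry such routes across reboots through the static_routes and route_<name> variables, and route(8) adds the same routes immediately. The router 10.10.10.1 and the networks 10.1.1.0 and 10.7.1.0 are taken from the posts above; the /24 masks are an assumption (the thread never states the netmasks), and route_name, rc_conf_static_routes and route_add_cmds are helper names of my own, not FreeBSD tools. The script only prints the configuration and commands, it does not apply them.

```shell
#!/bin/sh
# Added example, not from the original thread: generate the FreeBSD rc.conf
# static_routes stanza and the equivalent one-off route(8) commands that add
# routes to the remote LANs through the inside router.
# Assumptions (illustrative, taken from the thread): inside router 10.10.10.1,
# remote networks 10.1.1.0/24 and 10.7.1.0/24 (the /24 masks are assumed).

# Derive a name usable in an rc.conf variable from a CIDR prefix:
# 10.1.1.0/24 -> net10_1_1_0
route_name() {
    printf 'net%s\n' "${1%%/*}" | tr '.' '_'
}

# Print the rc.conf lines: a static_routes list plus one route_<name> entry
# per network, each "-net <prefix> <gateway>" (the arguments route(8) takes).
rc_conf_static_routes() {
    gw=$1; shift
    names=""
    for net in "$@"; do
        n=$(route_name "$net")
        names="${names:+$names }$n"
    done
    printf 'static_routes="%s"\n' "$names"
    for net in "$@"; do
        printf 'route_%s="-net %s %s"\n' "$(route_name "$net")" "$net" "$gw"
    done
}

# Print the route(8) commands that apply the same routes right away, without
# a reboot (to be run as root on the FreeBSD box).
route_add_cmds() {
    gw=$1; shift
    for net in "$@"; do
        printf 'route add -net %s %s\n' "$net" "$gw"
    done
}

# Usage with the constructed values from the thread.
rc_conf_static_routes 10.10.10.1 10.1.1.0/24 10.7.1.0/24
route_add_cmds 10.10.10.1 10.1.1.0/24 10.7.1.0/24
```

After adding the routes, `netstat -rn` should list 10.1.1.0/24 and 10.7.1.0/24 with 10.10.10.1 as gateway, and `route get 10.1.1.1` should show that next hop on the inside interface; a ping from one of those LANs then gets its reply back the same way it arrived instead of being sent out the default route through the outside NIC. Add one route_<name> line per remote network the routers carry; anything not listed still follows the single default route.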