FreeBSD and two NICs

FreeBSD 4.8, Apache 1.3.27 - two NICs, one with a real-world IP plugged into a switch outside the PIX firewall, the other with a private IP plugged into a switch inside the PIX firewall. Apache listens on both IPs. my domain is mydomain.org.

so in /etc/rc.conf i have something like this (these real-world IPs are not really real, just a spammer's IP borrowed for illustration):

#rc.conf
#
defaultrouter="68.208.213.123"
ifconfig_de0="inet 68.208.213.123 netmask 255.255.255.0"
ifconfig_de1="inet 10.10.10.45 netmask 255.255.0.0"

my ISP runs nameservers which point the outside world to mydomain.org at the real-world IP. i run a local nameserver which points users inside our firewall to the private IP. works great....on my LAN. outside my LAN (still behind the PIX) the users can't see/ping the private address.

question: is there a way to specify a different default gateway for each of the NICs? i did not see anything which would allow that in the man pages for ifconfig(8) or rc.conf(5).

hello,

Which side of the BSD router can't your LAN see?
RTO or unreachable?

Try netstat -rn to see the routes on the BSD box.

cheers

It's not my LAN that can't see something. It's the LANs connected to me that can't see the BSD machine at the private address. I'm connected to these other LANs via older Cisco routers talking over T1s. Our ISP's Cisco guy said that the problem was probably the default gateway for the BSD machine at the private address. In rc.conf, sure enough, I don't have a default gateway for the machine's "inside-the-firewall" NIC. I only have a default gateway for the "outside-the-firewall" NIC. How do I set two default gateways, one for each address class I'm using?

Yes, I know it's not your internal LAN that can't see something,
but your intranet LAN can't see it, right? :)

Post the routes from netstat -rn.
Yes, you can create as many routes as you want with the NIC(s).

cheers:)

here's the netstat output. the default routers (ciscos) are in bold.
in my original post i said the gateway for the outside was 68.208.213.123
it should have been 68.208.213.1

Routing tables

Internet:
Destination        Gateway            Flags   Refs     Use   Netif  Expire
default            68.208.213.1       UGSc      36   27262   de0
10.10/16           link#2             UC         4       0   de1
10.10.10.1         00:e0:b0:63:da:e0  UHLW       0       2   de1    1196
10.10.10.18        00:04:75:83:e7:8c  UHLW       0       1   de1    1046
10.10.10.19        00:c0:f0:32:02:40  UHLW       0      10   de1     831
10.10.10.45        00:c0:f0:31:55:b0  UHLW       0   54194   lo0
127.0.0.1          127.0.0.1          UH         0    2546   lo0
68.208.0/16        link#1             UC        13       0   de0
68.208.213.1       00:00:0c:75:dc:91  UHLW      37       0   de0     907
68.208.213.19      00:04:27:46:43:ea  UHLW       0    2074   de0      68
68.208.213.152     00:04:27:46:43:ea  UHLW       0     332   de0
68.208.213.221     00:04:27:46:43:ea  UHLW       2  222693   de0     729
68.208.214.8       00:00:0c:75:dc:91  UHLW       4  667918   de0     713
68.208.214.16      00:00:0c:75:dc:91  UHLW       0       7   de0     625
68.208.214.51      00:00:0c:75:dc:91  UHLW       0       7   de0     792
68.208.214.54      00:00:0c:75:dc:91  UHLW       0       7   de0      61
68.208.214.57      00:00:0c:75:dc:91  UHLW       0       7   de0     653
68.208.214.60      00:00:0c:75:dc:91  UHLW       0     140   de0     912
68.208.214.116     00:00:0c:75:dc:91  UHLW       0     411   de0     387
68.208.214.182     00:00:0c:75:dc:91  UHLW       0     146   de0
68.208.214.254     00:00:0c:75:dc:91  UHLW       0     508   de0    1090

hello,

And which LAN can't see your router?
Have you tried with ping/traceroute?
And what is the output? RTO or net unreachable?

cheers:)

there's several networks connected to mine that can't see the FreeBSD server. for example, 10.1.1.0, 10.7.1.0, and others. They RTo on trying to ping the 10.10.10.45 address, the address on the second NIC in the FreeBSD machine. on my network (10.10.10.0) i can ping the IP and in fact pull up the webpage from Apache - no problem.

it's as if the router (10.10.10.1) isn't picking up the address as being on its network. would that be the case if the NIC doesn't have a default gateway?

hello ednix,

The RTO means that your 10.1.x.x and 10.7.x.x networks can reach your DNS server, but they can't receive the reply because (look carefully at your post) your DNS server doesn't have a route to reach your 10.1.x.x/10.7.x.x networks.
You specified /16, which means that in the posted routes the 10.1.x.x/10.7.x.x networks aren't included.

do create the route.

cheers8)

hi,

> ...server dont have the route to reach your 10.1.x.x/10.7.x.x network.

yes, that's right. and that is exactly what i was asking for in my original post...on the second NIC in the FreeBSD machine, I need to set a default gateway to 10.10.10.1. However, the rc.conf file only seems to allow me to set one default router and that config entry currently sets the default route for the first NIC. how do I set a default route for the second NIC in the rc.conf file?

hello ednix,

You don't create a default route.
(Google around to understand default route usage.)
Just create the same route command to the 10.1.x.x/10.7.x.x networks on the DNS server.

route -net 10.1.x.x bla bla bla...

cheers8)
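As an added illustration (not part of the thread and not the poster's own config), here is what "create the route" looks like on FreeBSD, plus a small check showing why the 10.10/16 interface route does not cover 10.1.x.x or 10.7.x.x. It assumes the inside router 10.10.10.1 from the netstat output above and /24 masks for the remote networks (the thread gives 10.1.1.0 and 10.7.1.0 without masks). The one-shot route(8) commands take effect immediately; the static_routes / route_<name> lines are the rc.conf(5) mechanism that makes them survive a reboot.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: inside gateway 10.10.10.1,
# remote networks 10.1.1.0/24 and 10.7.1.0/24 (/24 is assumed, not stated).

# ip_to_int A.B.C.D -> the address as a single integer, e.g. 10.1.1.0 -> 167837952
ip_to_int() {
    ip=$1
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix ADDR NET/LEN -> succeeds if ADDR lies inside NET/LEN.
# This is the check the kernel does against each route entry: an interface
# route for 10.10.0.0/16 (netmask 255.255.0.0) never matches 10.1.1.7.
in_prefix() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# gen_route_cmds GATEWAY NET... -> one route(8) command per network,
# the immediate fix the reply above recommends.
gen_route_cmds() {
    gw=$1; shift
    for net in "$@"; do
        printf 'route add -net %s %s\n' "$net" "$gw"
    done
}

# gen_rc_conf GATEWAY NET... -> rc.conf(5) lines: static_routes lists the
# route names, and each route_<name> holds the arguments passed to route(8)
# at boot. defaultrouter stays untouched (it belongs to de0).
gen_rc_conf() {
    gw=$1; shift
    names=""
    body=""
    for net in "$@"; do
        name=$(printf 'net_%s' "$net" | tr './' '__')
        names="$names $name"
        body="$body
route_$name=\"-net $net $gw\""
    done
    printf 'static_routes="%s"%s\n' "${names# }" "$body"
}

# Stand-alone run: show why the reply is unreachable, then the two fixes.
for dst in 10.10.10.18 10.1.1.7 10.7.1.7; do
    if in_prefix "$dst" 10.10.0.0/16; then
        echo "$dst: covered by the 10.10/16 interface route on de1"
    else
        echo "$dst: NOT covered, falls through to the default route on de0"
    fi
done
echo
echo "# immediate (as root):"
gen_route_cmds 10.10.10.1 10.1.1.0/24 10.7.1.0/24
echo
echo "# persistent, append to /etc/rc.conf:"
gen_rc_conf 10.10.10.1 10.1.1.0/24 10.7.1.0/24
```

Without these routes, a packet replying to 10.1.1.7 matches only the default entry and leaves via de0 to the outside Cisco, which is exactly the "request arrives, reply never comes back" timeout the thread describes. After `route add`, `netstat -rn` should show a new `10.1.1/24 10.10.10.1 UGS de1` style line per network.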

hi stdout,

okay, thanks. i'll do that. i just thought that i could set it up through rc.conf or at least through ifconfig args through rc.conf. apparently not. thanks for your help.

regards