I have a FreeBSD-based router on my campus.
Trivial configuration for these types of routers: two interfaces, one of them looking to the outer internet, the second to the local net.
In my local net there are three subnets: 192.168.0.0/24, 192.168.1.0/24, 192.168.200.0/24. ipfw is configured for transparent NAT, and sysctl forwarding is enabled.
The local interface is configured with three IP aliases: 192.168.0.1, 192.168.1.1 and 192.168.200.1, according to the subnets. It is also connected to a single L2 manageable HP switch. The switch is configured by default to a single VLAN.
From the 192.168.0.0/24 subnet clients I can reach 192.168.1.0/24 clients and vice versa. But for clients in 192.168.200.0/24 the other two subnets are unreachable, despite the fact that the internet is available through the default gateway 192.168.200.1.
By the initial design, all internal subnets must be reachable from each other.
Output of netstat -rn on the FreeBSD router:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default xxx.xxx.xxx.xxx UGS xl0
127.0.0.1 link#4 UH lo0
192.168.0.0/24 link#1 U bge0
192.168.0.1 link#1 UHS lo0
192.168.0.2 link#1 UHS lo0
192.168.1.0/24 link#1 U bge0
192.168.1.1 link#1 UHS lo0
192.168.200.0/24 link#1 U bge0
192.168.200.1 link#1 UHS lo0
xxx.xxx.xxx.xxx/30 link#3 U xl0
xxx.xxx.xxx.xxx link#3 UHS lo0
Output of ipfw:
00050 1123362356 950030754266 nat 123 ip4 from any to any via xl0
00100 26229559 14516116395 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 734630742 621499874050 allow ip from any to any
65535 9 589 deny ip from any to any
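To reason about what the ruleset above does with traffic between the internal subnets, here is an added example (not from the question or from FreeBSD) that models ipfw's first-match evaluation over a constructed copy of the IPv4 rules, with the packet counters stripped; the ipv6-icmp rules are omitted, and the rule-line format and the `via` interface handling are assumptions based on the listing.

```python
import ipaddress
import re

# Constructed copy of the question's IPv4 rules (counters removed, IPv6 rules left out).
RULES = """
00050 nat 123 ip4 from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
"""

# Assumed line shape: <num> <action> <proto> from <src> to <dst> [via <iface>]
RULE_RE = re.compile(
    r"^(\d+)\s+(nat \d+|allow|deny)\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+via\s+(\S+))?$")

def parse_rules(text):
    """Parse the listing into dicts ordered by rule number (ipfw evaluates in that order)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised rule: " + line)
        num, action, proto, src, dst, via = m.groups()
        rules.append({"num": int(num), "action": action, "proto": proto,
                      "src": src, "dst": dst, "via": via})
    return sorted(rules, key=lambda r: r["num"])

def addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def proto_matches(spec, addr):
    # "ip" matches any IP packet, "ip4" only IPv4; other protocol keywords are not modelled here.
    return spec == "ip" or (spec == "ip4" and ipaddress.ip_address(addr).version == 4)

def first_match(rules, src, dst, iface):
    """Return (rule number, action) of the first rule that matches a packet seen on iface.
    A nat match is reported as-is; whether ipfw keeps evaluating after it depends on
    the net.inet.ip.fw.one_pass sysctl, which this model does not simulate."""
    for r in rules:
        if r["via"] is not None and r["via"] != iface:
            continue
        if not proto_matches(r["proto"], src):
            continue
        if addr_matches(r["src"], src) and addr_matches(r["dst"], dst):
            return r["num"], r["action"]
    return None

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # A 192.168.200.0/24 client talking to 192.168.1.0/24 through bge0 reaches the 65000 allow rule.
    print(first_match(rules, "192.168.200.5", "192.168.1.10", "bge0"))
```

Running it shows that an inter-subnet packet on bge0 falls through to rule 65000, so the listed ruleset itself is not where such traffic is denied.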