From owner-freebsd-net Thu Apr 18 21:26:17 2002
Delivered-To: freebsd-net@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id C317F37B404 for ; Thu, 18 Apr 2002 21:25:55 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id WAA27182 for ; Thu, 18 Apr 2002 22:25:43 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020418220457.0223da60@nospam.lariat.org>
X-Sender: brett@nospam.lariat.org
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 18 Apr 2002 22:25:38 -0600
To: freebsd-net@freebsd.org
From: Brett Glass
Subject: Configuring a router to work on an unregistered internal subnet
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I'm in the process of creating a router which will sit on an ISP's internal subnet, which uses unregistered addresses. The router's upstream interface will have an unregistered address, say, 10.X.Y.Z. Its downstream interfaces will have registered IPs, so it looks like this:

                                      _ A.B.C.1 -> feeds A.B.C/25
                           10.X.Y.Z  /
ISP and Internet ---------[Router]\_ A.B.D.1 -> feeds A.B.D/26
   10.X.Y/24                           etc.

But here's the rub. When the router communicates with the outside world on its own behalf (which it has to do; it's going to serve as a transparent Web cache as well as a router), it needs to use one of its registered addresses as the source address, or the packets won't leave the ISP's internal network.

My first attempt at configuring a FreeBSD machine to do this didn't work. When attempting to speak to the Internet at large, it used its 10.X.Y.Z address as the source address on its packets, and of course this caused them to stop at the ISP's gateway router (which is not doing NAT).

What's the easiest way to tell it to use the address of one of its internal interfaces (say, A.B.C.1) when talking to the rest of the world, but send those packets out the 10.X.Y.Z interface?

Also, if I'm doing an FTP install of FreeBSD on the router (I want to load 4.5-RELEASE-p3 rather than 4.5-RELEASE, to nuke the zlib, OpenSSH, and tcp memory leak bugs), how do I configure the interfaces, etc. from sysinstall to do The Right Thing? (If this is really tough, I do have another network I can plug the machine into, but I'll have to unbolt it from a rack and schlep it to another part of the building.)

--Brett Glass

P.S. -- I'm not currently subscribed to FreeBSD-net, so please copy me on responses.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
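The failure Brett describes is the stock source-address selection rule: a locally generated packet takes the address of the interface it leaves through, so anything routed via the default gateway on the 10.X.Y.Z link is sourced from the unregistered address and has no return path once it is past an upstream that does no NAT. The model below is an added example, not code from the post or from FreeBSD: it implements longest-prefix routing and the egress-interface source rule, flags RFC 1918 sources that cannot be answered from the Internet, and shows the effect of a daemon (such as the Web cache) binding its socket to a registered address instead. Interface names (fxp0/fxp1/fxp2), the 10.1.2.3 upstream address, the 203.0.113.0/25 and 198.51.100.0/26 downstream subnets, and the 192.0.2.10 remote host are all constructed placeholders standing in for 10.X.Y.Z, A.B.C/25, A.B.D/26 and "the Internet".

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 1918 "unregistered" space: an upstream router that does no NAT has no
# return path for packets sourced from these ranges.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_unregistered(addr: str) -> bool:
    """True if addr falls inside RFC 1918 space."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    iface: str            # outgoing interface name


@dataclass
class Router:
    # interface name -> address with prefix length, e.g. 10.1.2.3/24
    interfaces: Dict[str, ipaddress.IPv4Interface]
    routes: List[Route]
    # Address a daemon on the router has bound its socket to, if any.
    # None reproduces the default behaviour the post describes.
    bound_source: Optional[ipaddress.IPv4Address] = None

    def egress(self, dst: str) -> str:
        """Longest-prefix match over the routing table."""
        ip = ipaddress.IPv4Address(dst)
        best = max((r for r in self.routes if ip in r.prefix),
                   key=lambda r: r.prefix.prefixlen, default=None)
        if best is None:
            raise ValueError("no route to %s" % dst)
        return best.iface

    def choose_source(self, dst: str) -> Tuple[str, str]:
        """Return (egress interface, source address) for a packet the router
        generates itself.  Without an explicit bind the source is the egress
        interface's own address, which is how 10.X.Y.Z leaked upstream."""
        iface = self.egress(dst)
        if self.bound_source is not None:
            return iface, str(self.bound_source)
        return iface, str(self.interfaces[iface].ip)


def will_reach_internet(router: Router, dst: str) -> bool:
    """Does a packet from this router to dst carry a source address that
    hosts beyond the ISP's gateway can answer?"""
    _, src = router.choose_source(dst)
    return not is_unregistered(src)


def build_router(bound_source: Optional[str] = None) -> Router:
    """Constructed topology standing in for the post's diagram: fxp0 is the
    upstream 10.X.Y.Z link, fxp1 and fxp2 carry the registered subnets.
    Interface names and addresses are placeholders, not real values."""
    ifs = {
        "fxp0": ipaddress.IPv4Interface("10.1.2.3/24"),       # 10.X.Y.Z
        "fxp1": ipaddress.IPv4Interface("203.0.113.1/25"),    # A.B.C.1
        "fxp2": ipaddress.IPv4Interface("198.51.100.1/26"),   # A.B.D.1
    }
    routes = [Route(i.network, name) for name, i in ifs.items()]
    # default route points at the ISP over the unregistered link
    routes.append(Route(ipaddress.IPv4Network("0.0.0.0/0"), "fxp0"))
    bound = ipaddress.IPv4Address(bound_source) if bound_source else None
    return Router(ifs, routes, bound)


if __name__ == "__main__":
    remote = "192.0.2.10"   # constructed "somewhere on the Internet"
    for label, r in (("default", build_router()),
                     ("bound to A.B.C.1", build_router("203.0.113.1"))):
        iface, src = r.choose_source(remote)
        print("%-18s egress=%s src=%s reaches_internet=%s"
              % (label, iface, src, will_reach_internet(r, remote)))
```

Running it shows the two cases side by side: with no bound address the packet leaves fxp0 sourced from 10.1.2.3 and is flagged as unanswerable, while binding to 203.0.113.1 keeps the same egress interface but a registered source. The check is also a useful sanity test for any host on an RFC 1918 link that must originate Internet traffic without NAT in front of it.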