From owner-freebsd-questions@FreeBSD.ORG  Tue Dec 12 09:00:48 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2F8CE16A40F
	for <freebsd-questions@freebsd.org>;
	Tue, 12 Dec 2006 09:00:48 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from arwen.teledomenet.gr (arwen.teledomenet.gr [213.142.128.58])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA1DD43CA1
	for <freebsd-questions@freebsd.org>;
	Tue, 12 Dec 2006 08:59:25 +0000 (GMT)
	(envelope-from nvass@teledomenet.gr)
Received: from iris ([192.168.1.71])
	by arwen.teledomenet.gr (8.12.10/8.12.10) with ESMTP id kBC90im1018855; 
	Tue, 12 Dec 2006 11:00:44 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Date: Tue, 12 Dec 2006 11:00:28 +0200
User-Agent: KMail/1.9.1
References: <014301c71dc2$1e3d1910$5ab74b30$@net>
In-Reply-To: <014301c71dc2$1e3d1910$5ab74b30$@net>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200612121100.28716.nvass@teledomenet.gr>
Cc: "Bret J. Esquivel" <besquivel@immense.net>
Subject: Re: Routing Question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2006 09:00:48 -0000

On Tuesday 12 December 2006 09:49, Bret J. Esquivel wrote:
> Hi,
> 
>  
> 
> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
> 
>  
> 
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)

You can bridge xl0 and xl1. Then you'll use one address e.g. 70.164.48.225/28
on you xl0 and that will be reachable from your lan too. xl1 doesn't have to
have an IP address. Check man if_bridge.

But is this the topology? in many cases there is a PPP interface
which connects you to the world, a WAN interface. And there is a
network routed through this. Something like this:
                 W     A    N                                      L              A          N
(a.b.c.d/32) <-> (a.b.c.e/32 router d.e.f.a/28) <-> (d.e.f.b/28 other boxes)

Hope this help, Nikos