Date: Tue, 4 Dec 2001 17:29:47 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Chris Appleton <appleton_chris@yahoo.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: ipf and router Message-ID: <20011204171759.M71623-100000@cactus.fi.uba.ar> In-Reply-To: <20011204201157.2347.qmail@web14809.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 4 Dec 2001, Chris Appleton wrote: > > > i may have mixed up the rl's but that's the jist. > what you've said makes sense but the complication is > still that the "private" is the same subnet - no nat. > i only have the 1 c class and want to separate the > router from the rest of the (same) network. a bridge > will do this but i'm wondering if i can do it with > route. You can subnet the class C into two subnets. the first is a /30 subnet for the router and the firewall and the other is for the hosts. But if you cant change the subnet mask in the router, you need to build a proxy arp table to cheat the router into thinking all the hosts are on the attached ethernet segment. this way, you'll lose 4 IPs from your asigned pool (broadcast and network addresses for each subnet), but everything should work fine. The second way I can think of is using private IPs for the internal network and static NAT. This way you won't lose any IPs, but certain protocols will break (Those which use embeded IPs in the payload) Fer > > thanks again > > __________________________________________________ > Do You Yahoo!? > Buy the perfect holiday gifts at Yahoo! Shopping. > http://shopping.yahoo.com > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011204171759.M71623-100000>