From: Kirk Strauser
To: freebsd-net@freebsd.org
Subject: Re: Silly problem has me stumped
Date: 23 Oct 2001 20:59:18 -0500
Message-ID: <87lmi1n6h5.fsf@pooh.int>

At 2001-10-24T01:30:35Z, Kris Kirby writes:

> And a tidbit just surfaced from the mud! Use ipfw + natd to nat anything
> that would directly come from / to the private address and use "natd -u -a
> 1.2.3.1" (assumes .1 is the gateway). Careful that you don't wind up
> looking at every single packet though.

Ahhh... That doesn't sound too bad. Lately I've somewhat taken to ipfilter so
I'll wave the appropriate translation stick at the issue.

> The other solution would be to accuse your ISP of being incompetent /
> cheap, etc. and complain until you get a public /30 for the WAN link.

Actually, they're far and away the most competent provider in the area. Our
contact is a CCNA-working-on-CCIE and really seems to know his stuff. We're
also now on a dual-homed network, connected by two counter-rotating fiber
rings.
The rationale I heard was that this was something they went out of their way
to do in order to avoid wasting public IPs on router interfaces. Coming from
anyone else, I'd agree with you. From these guys, I tend to believe them.

> I'm a fascist; I wouldn't have taken a link without a public WAN ip.

Well, we have a whole public /24. Only the routing block is private, which
I'm sure will seem like a better idea once I coerce this $@#!() FreeBSD box
to bend to my will.
-- 
Kirk Strauser