Date: Fri, 9 Jul 1999 11:25:07 -0700
From: "Justin C. Walker" <justin@apple.com>
To: net@freebsd.org
Subject: Re: Setting up LAN
Message-ID: <199907091825.LAA00699@rhapture.apple.com>
In-Reply-To: <199907090607.XAA01050@walker3.apple.com>
> From: Shawn Workman <shawn@bsdguy.com>
> Date: 1999-07-08 23:18:18 -0700
> To: "Justin C. Walker" <justin@apple.com>
> Subject: Re: Setting up LAN
> Cc: net@FreeBSD.ORG
> In-reply-to: <199907090607.XAA01050@walker3.apple.com>
> X-Mailer: XFMail 1.3 [p0] on FreeBSD
> X-Priority: 3 (Normal)
> Delivered-to: freebsd-net@freebsd.org
> X-Loop: FreeBSD.org
>
> I forgot to mention that the FreeBSD box is also my firewall..

That helps define the problem, at least.

> could I divide my subnet?

A simple ascii diagram may shed light:

              ^
              |                ;; to the rest of the world
--------------+---------------
              |                ;; inside your place
              X                ;; your FreeBSD box and firewall
              |                ;; your internal subnet

Now, your box (X) has two interfaces. From the point of view of the rest of the world, they don't care about anything below the line. They just know that you have subnet 216.18.166.160, which includes 14 hosts and two broadcast addrs (ain't backwards compatibility a joy?).

So I think that sub-dividing your subnet may help, although, as you've noted, the power-of-2 thing will cost you some address space (unless you're happy keeping some hosts on the outside of the firewall).

The tricky part is that the outside world (represented by a router above the line) thinks of your subnet as just that. Unless it (the upper router) knows that your FreeBSD box is a router, it's going to try to deliver packets to your subnet using ARP, not by forwarding to "X". Proxy ARP may help, together with splitting your subnet.

> Maybe have the netmask on the router be a netmask of 16 IP's and the netmask on
> my vr1 interface be 16 IP's?

I've not used/configured proxy ARP, so I can't be sure how effective it is, or whether it's really the solution. Those with more experience may know.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        |
Manager, CoreOS Networking             |   When crypto is outlawed,
Apple Computer, Inc.                   |   Only outlaws will have crypto.
2 Infinite Loop                        |
Cupertino, CA 95014                    |
*-------------------------------------*-------------------------------*

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
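The subnet split and the ARP delivery problem described in the message above, worked through as an added example (not part of the original post and not its author's code). It assumes the block is 216.18.166.160/28, a prefix length inferred from the "14 hosts" figure, and that the lower /29 stays outside the firewall while the upper /29 sits behind X; the function names are hypothetical.

```python
import ipaddress

# From the thread: the upstream router sees one subnet at 216.18.166.160 with
# 14 hosts plus 2 reserved addresses. The /28 prefix length is inferred from that.
UPSTREAM = ipaddress.ip_network("216.18.166.160/28")


def split_plan(net=UPSTREAM):
    """Halve the block. Assumption: lower half outside the firewall, upper half inside."""
    outside, inside = net.subnets(prefixlen_diff=1)
    return outside, inside


def address_cost(net=UPSTREAM):
    """Usable host addresses lost to the split.

    Each half reserves its own network and broadcast address, so two
    addresses that were usable under the original mask stop being usable.
    """
    outside, inside = split_plan(net)
    before = len(list(net.hosts()))
    after = len(list(outside.hosts())) + len(list(inside.hosts()))
    return before - after


def upstream_delivery(dst, net=UPSTREAM):
    """How an upstream router that still uses the original mask reaches dst.

    The router treats the whole block as on-link, so it ARPs on the outside
    wire for every address in it. Hosts behind X never see that request,
    which is why X would have to answer on their behalf (proxy ARP).
    """
    addr = ipaddress.ip_address(dst)
    outside, inside = split_plan(net)
    if addr not in net:
        return "routed elsewhere"
    if addr in inside:
        if addr in (inside.network_address, inside.broadcast_address):
            return "reserved on inside half"
        return "ARP on outside wire; X must proxy-ARP"
    if addr in (outside.network_address, outside.broadcast_address):
        return "reserved on outside half"
    return "ARP answered by host itself"


if __name__ == "__main__":
    print("halves:", *split_plan(), "cost:", address_cost())
    for host in ("216.18.166.162", "216.18.166.167", "216.18.166.170"):  # constructed samples
        print(host, "->", upstream_delivery(host))
```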