From owner-freebsd-questions  Tue Dec  4 12:31:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by hub.freebsd.org (Postfix) with ESMTP id 8AFF837B417
	for <freebsd-questions@FreeBSD.ORG>; Tue,  4 Dec 2001 12:31:01 -0800 (PST)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id fB4KTlb75617;
	Tue, 4 Dec 2001 17:29:47 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Tue, 4 Dec 2001 17:29:47 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Chris Appleton <appleton_chris@yahoo.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipf and router
In-Reply-To: <20011204201157.2347.qmail@web14809.mail.yahoo.com>
Message-ID: <20011204171759.M71623-100000@cactus.fi.uba.ar>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 4 Dec 2001, Chris Appleton wrote:

>
>
> i may have mixed up the rl's but that's the jist.
> what you've said makes sense but the complication is
> still that the "private" is the same subnet - no nat.
> i only have the 1 c class and want to separate the
> router from the rest of the (same) network.  a bridge
> will do this but i'm wondering if i can do it with
> route.

You can subnet the class C into two subnets. the first is a /30 subnet
for the router and the firewall and the other is for the hosts. But if
you cant change the subnet mask in the router, you need to build a
proxy arp table to cheat the router into thinking all the hosts are
on the attached ethernet segment. this way, you'll lose 4 IPs from
your asigned pool (broadcast and network addresses for each subnet), but
everything should work fine.


The second way I can think of is using private IPs for the internal network
and static NAT. This way you won't lose any IPs, but certain protocols will
break (Those which use embeded IPs in the payload)



				Fer
>
> thanks again
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message