Date:      12 Feb 1998 16:20:36 +0100
From:      Benedikt Stockebrand <benedikt@devnull.ruhr.de>
To:        questions@FreeBSD.ORG, isp@FreeBSD.ORG
Subject:   Re: FreeBSD firewall questions
Message-ID:  <877m70c0jf.fsf@devnull.ruhr.de>
In-Reply-To: Benedikt Stockebrand's message of "11 Feb 1998 22:41:35 +0100"
References:  <Pine.BSF.3.95q.980211082836.5078A-100000@federation.addy.com> <87en19vmy8.fsf@devnull.ruhr.de>

Benedikt Stockebrand <benedikt@devnull.ruhr.de> writes:

>     # route add -net 100.100.100.0 -netmask 255.255.251.0 \
>                 -interface 100.100.100.100

Danny O'Callahan is right: Make that netmask 255.255.252.0 instead of
...251...

> (not tested and I'm a bit out of practice with the syntax, so YMMV).

Oh yes, and I was bl**dy tired, too.

> This is where things get messy because you're overriding the network
> route(s) above with a host route.  The most ugly part about it is that 
> internal machines can't reach the router itself anymore --- they can
> send things through it, but they can't even ping it to see if it's
> up.  They'll always complain about a "host is down" or similar.

One more addendum: If you *really* want to do this you might consider
using a proxy arp kludge.  I'd still recommend against it, though.


I've just dug through my assorted docs to see if there's any good
starting point about this issue.  Here's what I've found:

Craig Hunt, 
TCP/IP Network Administration ("Crab Book").
O'Reilly & Associates, 1992

        I've only got the old edition and it seems to miss the more
        advanced aspects like VLSM and CIDR.  Good starting point
        though.


W. Richard Stevens,
TCP/IP Illustrated Vol. I
Addison-Wesley, 1994

        This one deals with the protocol side of the problem in depth.
        Unfortunately not in one chapter but spread around a bit.  And
        it doesn't deal with the Un*x side of it.  Recommended if you
        really want to find out about the internals of the TCP/IP
        stack.

Otherwise you may try the gated docs, but I don't have them around so
I can't check --- YMMV.


> maybe some hardware fraggle knows?

Since Dave Walton asked what fraggles are: Apparently the name
"fraggle" comes from the Jim Henson "Fraggles" show.  They're a bunch
of nice but sometimes slightly childish beings (at least that's what
I've been told).

The "hardware fraggles" are the ones running around with soldering
irons and wirecutters.


    Ben

-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.

