From owner-freebsd-hackers  Fri Sep 12 14:27:56 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA10818
          for hackers-outgoing; Fri, 12 Sep 1997 14:27:56 -0700 (PDT)
Received: from cynic.portal.ca (root@cynic.portal.ca [204.174.36.7])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA10805
          for <freebsd-hackers@FreeBSD.ORG>; Fri, 12 Sep 1997 14:27:50 -0700 (PDT)
Received: from localhost ([[UNIX: localhost]])
	by cynic.portal.ca (8.8.5/8.8.5) with SMTP id OAA09454;
	Fri, 12 Sep 1997 14:27:21 -0700 (PDT)
X-Authentication-Warning: cynic.portal.ca: cjs owned process doing -bs
Date: Fri, 12 Sep 1997 14:27:21 -0700 (PDT)
From: Curt Sampson <cjs@portal.ca>
To: "Jamil J. Weatherbee" <jamil@counterintelligence.ml.org>
cc: Tom <tom@sdf.com>,
        "J. Weatherbee - Chief Systems Engineer" <root@acromail.ml.org>,
        freebsd-hackers@FreeBSD.ORG
Subject: Re: Stupid Routing Situation
In-Reply-To: <Pine.BSF.3.96.970911231856.554B-100000@counterintelligence.ml.org>
Message-ID: <Pine.NEB.3.96.970912142148.2953R-100000@cynic.portal.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 11 Sep 1997, Jamil J. Weatherbee wrote:

> Can you give me an example by possibly sending out netstat -r and
> ifconfig -a i have a 255.255.255.192 maybye I want to have like 8
> computers on the segment between firewall and router (unprotected) and the
> others 56 on the second segment (protected)....

Subnets always work in powers of two. Since you have a /26 (62
addresses), the largest subnet you can make of that is a /27 (30
addresses).

The traditional way to get the unequal division you want is to put
the /26 on the `inside' interface and put, say, a /29 (6 addresses)
taken out of that /26 on the `outside' interface. On this host the
more specific /29 route will override the less specific /26 for
the hosts on the /29. Then you proxy-arp on the /26 interface the
hosts that are really on /29, so that the folks on /26 believe that
these machines on the /29 are on the same network as they are.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.