From: .@babolo.ru
To: "Dr. Genio"
Cc: freebsd-net@freebsd.org
Date: Fri, 2 Sep 2005 05:17:02 +0400 (MSD)
Subject: Re: routing question
Message-Id: <1125623823.002201.13349.nullmailer@cicuta.babolo.ru>
List-Id: Networking and TCP/IP with FreeBSD

> Hi everyone. I'm trying to do some strange things to the routing table, and
> I can't get them to work.
> Our ISP assigned us a /26 subnet. xxx.xxx.xx.1 is the main router, a Cisco
> 2511. xx.xx.xx.2 is the main server, and there are a few machines. This
> server, a FreeBSD, is an access server, which allowed our Wireless customers
> to access the internet. The BSD server has 2 NICs: one to the public
> internet, and the other to the Access Point.
> We had to move from a PPTP setup to a DHCP setup because PPTP keeps
> disconnecting the customers. With PPTP, the machine did Proxy-ARP so I could
> give the customers public addresses via PPTP.
> Now with DHCP we moved the customers to a NAT setup, and reserve public
> addresses for special customers. The problem is, I can't route the public
> addresses to the second NIC.
> What I did was this:
>
> nic 1: xl0, xxx.xxx.xxx.2 netmask 255.255.255.192
> nic 2: xl1, 10.5.5.10 netmask 255.255.255.0
> nic 2: xl1, xxx.xxx.xxx.4 netmask 255.255.255.255 alias
>
> On the main router, I added a static route of xxx.xxx.xxx.4/32 via
> xxx.xxx.xxx.2, and it worked, I get pings from the public internet.
> So I added a machine on the private LAN and set it an IP of xxx.xxx.xxx.5/24,
> gateway xx.xxx.xx.4, and a static route on the BSD server of
> "xxx.xxx.xxx.5/32 via xxx.xxx.xx.4", trying to route packets to .5 via .4
> instead of .2, so packets would go via xl1 rather than xl0. But it doesn't
> seem to work. I get TTL exceeded, even from inside the BSD server. Also on
> the main router to the public internet I added a route to .5/32 via .4.
>
> How can I make this work?

ifconfig xl1 xxx.xxx.xxx.63/27
sysctl net.link.ether.inet.proxyall=1

And use xxx.xxx.xxx.32/27 in internal net for the customers with default
gateway xxx.xxx.xxx.63.

Swap masks if you want more than /27 for customers:

nic 1: xl0, xxx.xxx.xxx.2/30
nic 2: xl1, xxx.xxx.xxx.63/27

and net.link.ether.inet.proxyall=1
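Added here as an illustration (not code from either poster): a small Python check of the address plan the reply proposes, namely carving the ISP's /26 into a /30 for the xl0 side and a /27 for the customers behind xl1, so that one static route on the Cisco plus proxy ARP on the FreeBSD box replaces the per-host /32 routes. The prefix 203.0.113.0/26, the interface names and the gateway address .62 are constructed sample values; with net.link.ether.inet.proxyall=1 the host answers ARP requests on xl0 for any address it routes out another interface, so the check also verifies the two blocks do not overlap, which is what keeps the box from answering for addresses it should not.

```python
"""Consistency check for the /26 -> /30 + /27 split suggested in the reply.

Sample values below are constructed (203.0.113.0/26 stands in for the
xxx.xxx.xxx.0/26 block in the thread).
"""
import ipaddress

ISP_BLOCK = "203.0.113.0/26"
PLAN = {
    "xl0": "203.0.113.2/30",   # upstream link; .1 is the Cisco 2511
    "xl1": "203.0.113.62/27",  # customer gateway, last usable host of .32/27
}


def check_plan(isp_block, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    block = ipaddress.ip_network(isp_block)
    problems, nets = [], {}
    for ifname, cidr in plan.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        nets[ifname] = net
        if not net.subnet_of(block):
            problems.append(f"{ifname}: {net} lies outside {block}")
        # network and broadcast addresses are not assignable to an interface
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{ifname}: {iface.ip} is not a usable host in {net}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def upstream_route(plan, upstream_if="xl0", customer_if="xl1"):
    """The one static route the Cisco needs: customer block via the xl0 address."""
    via = ipaddress.ip_interface(plan[upstream_if]).ip
    dest = ipaddress.ip_interface(plan[customer_if]).network
    return f"ip route {dest.network_address} {dest.netmask} {via}"


def proxied_on_xl0(plan, addr, customer_if="xl1"):
    """True if proxyall would make the BSD host answer ARP on xl0 for addr."""
    return ipaddress.ip_address(addr) in ipaddress.ip_interface(plan[customer_if]).network


if __name__ == "__main__":
    print(check_plan(ISP_BLOCK, PLAN) or "plan OK")
    print(upstream_route(PLAN))
```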