Date: Wed, 26 Jan 2005 17:32:17 +0100
From: Hexren
To: Doug Poland
Cc: questions@freebsd.org
Subject: Re: Running public IP's inside an RFC 1597 network
Message-ID: <1071175490.20050126173217@hexren.net>
In-Reply-To: <20050126024201.GA49980@polands.org>

DP> Hello,

DP> I'm running a typical Class C RFC 1597 network in my lab. What I want
DP> to do is create another network, accessible from my private addresses,
DP> that use public IPs. The public IPs exist in the wild but I want to have
DP> an isolated environment where I can test what happens in public space, in
DP> my lab, before I deploy changes.

DP> All the machines in question are running 5.3-STABLE.

DP> What I've setup so far are two test servers, host1 (H1) and host2 (H2)
DP> with public IPs, and a gateway (GW) machine with one public IP and one
DP> private IP. All three machines are on a switch, the gateway has two
DP> NICs, one on the public switch and one on the private switch.

DP> e.g.,
DP>      External IP            Internal IP     Defaultrouter IP
DP>      ---------------------  --------------  ---------------
DP> GW   123.456.789.1/24       10.20.30.40/24  10.20.30.1
DP> H1   123.456.789.154/24                     123.456.789.1
DP> H2   123.456.789.161/24                     123.456.789.1

DP> I can ping between the 3 "public" IP's fine until I turn on the GW
DP> interface with the private IP. At that point, the GW cannot ping the
DP> two "public" servers.

DP> Obviously I'll need NAT'ing from the GW to H1 and H2 if I want packets
DP> from other hosts on my private network to see the "public" servers.
DP> What I can't figure out is how to tell my GW machine that packets
DP> destined for the 123.456.789.0/24 network are to go through my other
DP> NIC, not out through the GW's default router.

DP> I hope I've explained the situation clearly. Googling and reading the
DP> friendly manuals has not revealed a solution to me.

---------------------------------------------

Can you provide the output of "netstat -nr", please. Once before
turning on the Internal NIC of the GW and once after that.

Thank you
Hexren