Date: Fri, 11 May 2001 23:10:14 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "User Taylorm" <taylorm@bytecraft.au.com>, <oberman@es.net>, <wayne.pascoe@realtime.co.uk>
Cc: <questions@FreeBSD.ORG>
Subject: RE: OT: TCP/IP Subnetting
Message-ID: <001901c0daaa$356b64e0$1401a8c0@tedm.placo.com>
In-Reply-To: <20010512053020.788F5BA7B@spyder.bytecraft.au.com>

There is no problem routing between a 10.X network on the internal
Ethernet interface and a second public network on that same interface -
we have this configuration set up on a customer of ours.

However, you know that you cannot route between the 10. network on the
inside and the public numbers on the outside, of course, you have to use
translation for that.

Here's the config on our customer's FreeBSD 4.3 router - IP nums have been
changed to protect the indecent. ;-) Also note that the external interface
is an Ethernet interface (it's actually plugged into a wireless link to us).

sendmail_enable="NO"
gateway_enable="YES"
sshd_enable="YES"
inetd_enable="YES"
# network_interfaces="rl0 rl1 rl1_alias0 lo0"
ifconfig_rl0="inet 250.19.12.28 netmask 255.255.255.224 media 10BaseT/UTP"
ifconfig_rl1="inet 10.168.1.1 netmask 255.255.255.0"
ifconfig_rl1_alias0="inet 104.8.125.1 netmask 255.255.255.192"
defaultrouter="250.19.12.1"
hostname="router-out.foo.com"
firewall_enable="YES"
firewall_type="eatme"
natd_enable="YES"
natd_flags="-f /etc/natd.cf"
natd_interface="rl0"
ntpdate_enable="YES"
ntpdate_flags="55.55.55.55"
xntpd_enable="YES"

/etc/natd.cf contains

unregistered_only yes

among other things. Kernel is compiled with IPDIVERT and IPFIREWALL.
This causes routing between rl1 and rl1_alias0, routing between rl1 and
rl0, and natting between rl1_alias0 and rl0.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of User Taylorm
>Sent: Friday, May 11, 2001 10:30 PM
>To: oberman@es.net; wayne.pascoe@realtime.co.uk
>Cc: questions@FreeBSD.ORG
>Subject: Re: OT: TCP/IP Subnetting
>
>
>>From owner-freebsd-questions@FreeBSD.ORG Sat May 12 03:31:38 2001
>>To: Wayne Pascoe <wayne.pascoe@realtime.co.uk>
>>Cc: questions@FreeBSD.ORG
>>Subject: Re: OT: TCP/IP Subnetting
>>Date: Fri, 11 May 2001 10:31:27 -0700
>>From: "Kevin Oberman" <oberman@es.net>
>
>>Wayne,
>
>>There are better possibilities.
>
>>Break up the /25 as follows:
>>Size  Addresses     Start Address  Net Mask
>>/26   62 addresses  128.1.1.128    255.255.255.192
>>/27   30 addresses  128.1.1.192    255.255.255.224
>>/28   14 addresses  128.1.1.224    255.255.255.240
>>/29    6 addresses  128.1.1.240    255.255.255.248
>
>>You may move the blocks around, but be careful calculating the
>>addresses!
>
>>Use the /29 for your 4 machine space. Use the other spaces for the
>>rest of the systems, starting with the largest (/26). You can work
>>communication by either setting up a system as a router between the
>>address spaces or, more cleanly, you can set up appropriate routing
>>table entries on each system with routes to the local network for each
>>subnet that is used in the LAN.
>
>>This means pointing 128.1.1.128, 128.1.1.192 and 128.1.1.224 at the
>>local link. See the route(8) and netstat(1) man pages for more hints
>>on how this can be done. Note that route(8) in FreeBSD does support
>>CIDR add/len notation to make this easier.
>
>Can you expand on this a bit?
>I would like to establish a host as a router between our
>registered IP #s and an existing 10. based net, via the same
>interface...
>We have a point to point link on ng0 (via a frame relay card) and
>our internal LAN on an fxp interface. I have set up the
>ifconfig to use the 10. address and to real.address as an alias.
>However it seems that the route mechanism won't allow this as
>there is no forwarding between our 10. net and our real.address net
>via the common interface. Is this because it has (of course) the
>same MAC address and the routing s/ware can't cope?
>
>>It has a major downside in requiring the configuration be loaded on
>>EVERY system.
>
>>While this looks ugly, it's how the Internet works and all providers
>>do this routinely, although it's far easier to configure on a Cisco or
>>Juniper than on a FreeBSD host.
>
>>R. Kevin Oberman, Network Engineer
>>Energy Sciences Network (ESnet)
>>Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
>>E-mail: oberman@es.net                  Phone: +1 510 486-8634
>
>
>Murray Taylor, Project engineer
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
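
Added example, not part of the original thread: a Python check of the /25 split quoted above, which confirms each block starts on a boundary for its prefix length, stays inside the /25, does not overlap another block, and reports what is left unallocated. The names check_plan and usable_hosts are this example's own, and the bad plan at the end is constructed.

```python
import ipaddress

PARENT = ipaddress.ip_network("128.1.1.128/25")
# (start address, prefix length) rows copied from the quoted table.
PLAN = [("128.1.1.128", 26), ("128.1.1.192", 27),
        ("128.1.1.224", 28), ("128.1.1.240", 29)]


def check_plan(parent, plan):
    """Return (valid subnets, error strings, unallocated blocks)."""
    subnets, errors = [], []
    for start, plen in plan:
        try:
            # strict=True rejects a start address with host bits set,
            # i.e. one that is not on a boundary for this prefix length.
            net = ipaddress.ip_network(f"{start}/{plen}", strict=True)
        except ValueError:
            errors.append(f"{start}/{plen}: start not aligned to /{plen}")
            continue
        if not net.subnet_of(parent):
            errors.append(f"{net}: outside {parent}")
        elif any(s.overlaps(net) for s in subnets):
            errors.append(f"{net}: overlaps an earlier block")
        else:
            subnets.append(net)
    # Remove each accepted subnet from the parent to find unused space.
    free = [parent]
    for net in subnets:
        remaining = []
        for block in free:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        free = remaining
    return subnets, errors, sorted(free)


def usable_hosts(net):
    """Addresses left for hosts after network and broadcast."""
    return net.num_addresses - 2


if __name__ == "__main__":
    nets, errs, free = check_plan(PARENT, PLAN)
    for n in nets:
        print(n, n.netmask, usable_hosts(n), "hosts")
    print("unallocated:", *free)
    # Constructed bad plan: /26 moved to .160, which is not a /26 boundary.
    print(check_plan(PARENT, [("128.1.1.160", 26)])[1])
```
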