From owner-freebsd-hackers Mon Dec 2 14:35:39 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA18687 for hackers-outgoing; Mon, 2 Dec 1996 14:35:39 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA18664 for ; Mon, 2 Dec 1996 14:35:25 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id JAA17690; Tue, 3 Dec 1996 09:35:41 +1100 (EST)
Date: Tue, 3 Dec 1996 09:35:40 +1100 (EST)
From: "Daniel O'Callaghan"
To: Nate Williams
cc: hackers@FreeBSD.org
Subject: Re: Routing questions
In-Reply-To: <199612021645.JAA28732@rocky.mt.sri.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 2 Dec 1996, Nate Williams wrote:

> Background:
> I've got a block of 32 IP addresses assigned to me (a chunk out of a
> class C), and everything has been working wonderfully thanks to advice
> from folks on hackers when I set this up.
>
> I've thought of two solutions, and the first is so ugly I'm not even
> sure it's doable. Basically, I would create host routes to all of his
> machines on my 'gateway' box that point to his home-router box.
> However, how does his home router box know how to route packets from his
> internal ethernet vs. over the PPP line to our office ethernet? There
> is also the problem of the portable boxes needing two separate ethernet
> addresses (or a script that deletes the host routes), one for home and
> one for the office.

Allocate a block of 8 IP addresses to your boss. On the office gw, arp -s
the IPs onto the ethernet interface so the office machines know where your
boss is. The office machines continue to use netmask 0xfffffe00. The boss's
machines use 0xfffffff8, so they know where the rest of the office is.

> The other solution is to do some sort of address munging on my gateway
> box. Basically, I'd assign him one of the RFC 1918 networks, and then
> have a mapping of 'fake' IP to 'real' IP address on my gateway box.
> This would seem to be a fairly common 'firewall' type of job, but I'm
> not familiar if such code exists for FreeBSD, or if someone has a better
> solution.

Darren Reed's ipfilter has NAT code. I've found the NAT code leaks in kmem
under 2.1.0 and 2.1.5. I made an ugly home-brew fix for it, and I've told
Darren. I have had no word from Darren as to what he has done about it, or
if he can reproduce it.

Danny
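
The netmask asymmetry described in the reply above, worked through as an added example that is not part of the original message. The two netmasks are the ones quoted in the reply; the 192.0.2.x addresses, the 192.0.2.24/29 remote block and the function names are constructed for illustration.

```python
import ipaddress

OFFICE_MASK = 0xFFFFFE00  # netmask the reply gives for the office machines
REMOTE_MASK = 0xFFFFFFF8  # netmask the reply gives for the boss's machines


def local_net(ip, mask):
    """Network a host believes it is directly attached to."""
    dotted = ipaddress.IPv4Address(mask)
    return ipaddress.ip_network(f"{ip}/{dotted}", strict=False)


def on_link(src_ip, src_mask, dst_ip):
    """True if src will ARP for dst directly instead of using a router."""
    return ipaddress.ip_address(dst_ip) in local_net(src_ip, src_mask)


def proxy_arp_targets(office_host, office_mask, remote_block):
    """Remote addresses the office host treats as on-link.

    These sit behind the PPP link, so nothing on the office ethernet
    answers ARP for them unless the gateway publishes entries (the
    'arp -s' step in the reply).
    """
    block = ipaddress.ip_network(remote_block)
    return [str(h) for h in block.hosts()
            if on_link(office_host, office_mask, str(h))]


def next_hop(src_ip, src_mask, dst_ip, router):
    """Where src sends a packet for dst: straight to dst, or to its router."""
    return dst_ip if on_link(src_ip, src_mask, dst_ip) else router


if __name__ == "__main__":
    office_host = "192.0.2.10"    # constructed office machine
    remote_host = "192.0.2.26"    # constructed machine at the boss's home
    remote_router = "192.0.2.25"  # constructed home router address

    # Office side: wide mask, so the remote block looks local and needs proxy ARP.
    print(proxy_arp_targets(office_host, OFFICE_MASK, "192.0.2.24/29"))
    # Remote side: narrow mask, so office traffic goes to the home router.
    print(next_hop(remote_host, REMOTE_MASK, office_host, remote_router))
```
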