From owner-freebsd-questions Mon Dec 20 11:54:19 1999 Delivered-To: freebsd-questions@freebsd.org Received: from horst.bfd.com (horst.bfd.com [12.9.219.10]) by hub.freebsd.org (Postfix) with ESMTP id 211AA14A1F for ; Mon, 20 Dec 1999 11:54:05 -0800 (PST) (envelope-from ejs@bfd.com) Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14]) by horst.bfd.com (8.9.3/8.9.3) with ESMTP id LAA21796 for ; Mon, 20 Dec 1999 11:54:00 -0800 (PST) (envelope-from ejs@bfd.com) Date: Mon, 20 Dec 1999 11:54:00 -0800 (PST) From: "Eric J. Schwertfeger" To: questions@freebsd.org Subject: Q's about bridging, routing, etc. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm considering getting a cable modem at home, and am investigating how to work around the local cable companies technical shortcomings. I've got a FreeBSD 3.3 box (soon to be 4.0, since it's SMP and I want wine to work) that I'm planning on setting up as a dual-homed (filtering) firewall, with a static IP address from the cable company. My network printer I plan on giving an RFC-reserved address. The two Win9X boxes I plan on assigning IP addresses with the cable companies DHCP servers. IPFW and bridging seem to handle all the problems, except for one; the cable company uses a different network range and netmask for their dynamic and static addresses, and in fact has multiple networks that they use for DHCP, so you can have two computers in the same household that are on different subnets. Oh, and did I fail to mention that they don't seem to be able to handle machines on the same segment but different networks talking to each other? The firewall is also a SAMBA server, so the machines do talk to each other. So, my question is, when bridging between two interfaces, and an IP address comes in on one side that you want to go back out that same side, but to an address that doesn't match that interface/netmask, what can be done to make this work? The easiest solution would be to make the firewall a proxy rather than just packet filtering, but I hate to have to mess with the firewall every time a new instant messaging program or online game comes out. Paying for two extra static IP addresses is probably not feasible, at $10 a month each. I thought of having the machine use DHCP to configure itself, and have an alias for the static IP address. As long as all three IP addresses come from the same pool, this should work. Maybe I'll need to see if the multiple netmasks is a common problem, or if that was just something transitory while they were renumbering. so, I guess my question is, has anyone already wrestled this problem into submission? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message