From owner-freebsd-net  Mon Apr 30 14:32:21 2001
Delivered-To: freebsd-net@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 4B20037B422
	for <freebsd-net@FreeBSD.ORG>; Mon, 30 Apr 2001 14:32:18 -0700 (PDT)
	(envelope-from nick@rogness.net)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f3UMg6F79860;
	Mon, 30 Apr 2001 17:42:06 -0500 (CDT)
	(envelope-from nick@rogness.net)
Date: Mon, 30 Apr 2001 17:42:06 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
X-Sender: nick@cody.jharris.com
To: John Wilson <john_wilson100@excite.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipfw routing/netmask problem
In-Reply-To: <6458253.988661425565.JavaMail.imail@almond.excite.com>
Message-ID: <Pine.BSF.4.21.0104301734460.77575-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 30 Apr 2001, John Wilson wrote:

>  > /---------------------\
>  > |  router 90.91.92.1  |
>  > \---------------------/
>  >          |
>  >          |
>  > /---------------------\   /---------------------\
>  > | fxp0 90.91.92.2/30  |---|  fxp1 90.91.92.?/?  |
>  > \---------------------/   \---------------------/
>  >                                -|     |    |-----------
>  >                               |       |               |
>  >                           /-------\   /-------\   /-------\
>  >                           | NAT 1 |   | NAT 2 |   |  DMZ  |
>  >                           \-------/   \-------/   \-------/
>  > 
>  > All I gotta do is fill in the missing blanks  :)
>  
>  	
>  	fxp1= 90.91.92.17 netmask 255.255.255.240

>  
>  	All DMZ machines (90.91.92.18 -> 90.91.92.30) are setup with the
>  	same netmask (255.255.255.240) and point to .17 as there gateway.

> 
> 
> Sounds good!   Do I need to do anything special on the router?

	Route the network: 90.91.92.16/28 to your BSD machine: 90.91.92.2
	Also, Make sure that the router ethernet interface has a .252
	subnet mask or you will have problems.

> 
> As a side question, do you think a single 600MHz P3 w/128Mb RAM (and
> not too many firewall rules) can handle ~100 NAT clients?

	Depends on what they are doing...but it should be sufficient.

	On another side note, I would seriously look at splitting off your
	DMZ to another network...but, of course, it's your ass not mine.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message