From owner-freebsd-stable Thu Sep 27 7:35:28 2001
Message-Id: <5.1.0.14.0.20010927100649.009ff800@127.0.0.1>
Date: Thu, 27 Sep 2001 10:17:45 -0400
To: Mike Porter
From: Kutulu
Subject: Re: 127/8 continued
Cc: swear@blarg.net (Gary W. Swearingen), Jamie Norwood, freebsd-stable@FreeBSD.ORG
In-Reply-To: <200109271411.f8REBNH02164@c1828785-a.saltlk1.ut.home.com>
References: <20010924094048.X5906-100000@coredump.scriptkiddie.org> <20010926134253.A65444@mushhaven.net>

At 08:11 AM 09/27/2001 -0600, Mike Porter wrote:
> (Yes, you can alias more than one IP to an
>interface, however, IIUC, this affects the listening for packets, not the
>sending of packets, packets sent out an interface receive the primary
>interface address (somebody correct me if I'm wrong?).

It's possible to specify any of the local IP addresses when you call bind() on a newly created socket. However, it's mostly program-specific whether this actually happens or how to specify which. Typically you find IRC programs like BitchX doing this to allow people to use vanity hostnames, but I'm sure there are more legitimate reasons for it as well.

>However, with a /29,
>you could use a 1-to-1 NAT, which should eliminate any of the problems
>typically associated with NAT.
Unless your NAT application also contains very good content manipulation rules, protocols in the vein of FTP which pass IP numbers as part of the packet's payload will still have problems. Apart from that, however, I can vouch for the fact that this setup works. I have used it in the past, when my former employer made the mistake of choosing $LOCAL_TELCO for our network provider, and they would only give us a /28 to share among 12 machines. We were unable to set up a true DMZ with just one web server in it and still have room for the remaining 10 machines on the other subnet, so we ended up using NAT and adding a few strategic static routes on the gateway/firewall, webserver, and for good measure, the router.

--K
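Added example (not from the original message or from any NAT implementation): the payload rewrite a 1-to-1 NAT has to perform on an FTP `PORT` command, which carries the client's address as text inside the control connection. The function name `rewrite_ftp_port`, the mapping table and the addresses are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed 1-to-1 NAT table (assumption): inside host -> outside address. */
struct nat_map { unsigned inside[4], outside[4]; };
static const struct nat_map nat_table[] = {
    { {10, 0, 0, 5}, {203, 0, 113, 5} },
    { {10, 0, 0, 6}, {203, 0, 113, 6} },
};

/* Rewrite "PORT h1,h2,h3,h4,p1,p2\r\n" to advertise the outside address.
   Returns 0 and stores the payload length change in *delta; returns -1 if
   the line is malformed, the host has no mapping, or out is too small. */
int rewrite_ftp_port(const char *in, char *out, size_t outlen, int *delta)
{
    unsigned v[6];
    int used = 0, n;
    size_t i;
    if (strncmp(in, "PORT ", 5) != 0 ||
        sscanf(in + 5, "%3u,%3u,%3u,%3u,%3u,%3u%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &used) != 6 ||
        strcmp(in + 5 + used, "\r\n") != 0)
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    for (i = 0; i < sizeof nat_table / sizeof nat_table[0]; i++) {
        const struct nat_map *m = &nat_table[i];
        if (memcmp(m->inside, v, sizeof m->inside) != 0)
            continue;
        n = snprintf(out, outlen, "PORT %u,%u,%u,%u,%u,%u\r\n", m->outside[0],
                     m->outside[1], m->outside[2], m->outside[3], v[4], v[5]);
        if (n < 0 || (size_t)n >= outlen)
            return -1;
        /* Non-zero delta: every later TCP sequence/ack number on this
           control connection has to be shifted by the translator as well. */
        *delta = n - (int)strlen(in);
        return 0;
    }
    return -1;
}
int main(void)
{
    char out[64];
    int d = 0;
    if (rewrite_ftp_port("PORT 10,0,0,5,19,137\r\n", out, sizeof out, &d) == 0)
        printf("%s(payload length change: %+d)\n", out, d);
    return 0;
}
```

A translator that only rewrites IP and TCP headers forwards the inside address unchanged in this line, so the server's data connection is aimed at an address it cannot reach.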