From owner-freebsd-ipfw Thu May 25 9:34:12 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from relay.ultimanet.com (relay.ultimanet.com [205.179.129.1]) by hub.freebsd.org (Postfix) with ESMTP id 49CB037C970 for ; Thu, 25 May 2000 09:33:53 -0700 (PDT) (envelope-from randy@Cloudfactory.ORG)
Received: from Cloudfactory.ORG (cloudfactory.org [205.179.129.18]) by relay.ultimanet.com (8.9.3/8.9.3) with ESMTP id KAA07940 for ; Thu, 25 May 2000 10:28:23 -0700
Message-Id: <200005251728.KAA07940@relay.ultimanet.com>
To: freebsd-ipfw@FreeBSD.ORG
Subject: Re: question about natd/ipfw
In-Reply-To: Message from Brian Hechinger of "Thu, 25 May 2000 11:26:25 EDT." <200005251526.LAA59553@entropy.tmok.com>
Date: Thu, 25 May 2000 09:35:02 -0700
From: Randy Primeaux
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Did they delegate to you a single IP out of a /24, and a delegated /29?

If so, it sounds to me like they delegated the /29 CIDR block to you in a way that you could connect their DSL bridge to your edge router, then on the inside of your edge router would like the netblock, and behind that would be second router running NAT.

DSL <-> static router <-/29-> NAT router <-> private LAN.
modem / cat5 / freebsd0 / hub0 / freebsd1 / hub1 / other hosts

For reference of Variable Length Subnet Table, see RFC 1878.

Brian Hechinger writes:
> NOTE: sorry for the cross-post, tell me which list is more appropriate and i'll
> drop the other one.
>
> a freebsd user has been helping me with this, but this is out of his realm of
> experience. i am setting up a NAT box/router for my Covad/DCA Net DSL link.
>
> i will have two sets of outside IP addresses, a single IP address that will be
> bound to my outside interface which comes from covad, and a /29 block from
> DCA Net. the /29 will be routed through the outside interface into the NAT
> box, and from there i want to be able to use them as an "outside NAT pool"
> externally they will just look like an average domain, but that i will be able
> to redirect as i please internally.
>
> so, my question is: what do i do with the /29? do i create aliases on my
> outside interface for them all? do i create aliases on my inside interface
> for them all? do i bind them to lo0? attaching them to the outside interface
> seems wrong to me as well as attaching them to the inside interface since
> they should be listened to on either interface, hence my thought to bind them
> to the loopback device since i view these things as being "virtual"
>
> ipfw: using NAT and firewall_type="open" NAT blocks all non-redirected traffic?
>
>
> thanks,
>
> -brian
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

--
Randy Primeaux
randy@cloudfactory.org http://cloudfactory.org/~randy/
tranze@hyperreal.org http://hyperreal.org/~tranze/
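
Added example, not part of the original messages: a Python sketch of how a /29 divides up when it sits on the segment between the static router and the NAT router, as in the topology drawn above. The block 192.0.2.8/29 is a constructed documentation-range placeholder, and giving the two routers the first two host addresses is an assumption.

```python
import ipaddress


def plan_slash29(block, static_router_host=1, nat_router_host=2):
    """Lay out a delegated /29 on the link between the two routers.

    block: the /29 in CIDR form; it must be given on its network boundary.
    *_host: offset from the network address taken by each router
            (assumed values, pick whatever suits the real link).
    """
    # strict=True rejects a block with host bits set, e.g. 192.0.2.9/29
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or net.prefixlen != 29:
        raise ValueError("expected an IPv4 /29")

    # hosts() leaves out the network and broadcast addresses: 8 - 2 = 6
    hosts = list(net.hosts())
    static_router = net.network_address + static_router_host
    nat_router = net.network_address + nat_router_host
    if static_router == nat_router:
        raise ValueError("the two routers need different addresses")
    for addr in (static_router, nat_router):
        if addr not in hosts:
            raise ValueError(f"{addr} is not a usable host address in {net}")

    # Whatever the two router interfaces do not consume is left for NAT use.
    pool = [h for h in hosts if h not in (static_router, nat_router)]
    return {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "static_router": str(static_router),
        "nat_router": str(nat_router),
        "nat_pool": [str(h) for h in pool],
    }


if __name__ == "__main__":
    # Constructed sample block from the 192.0.2.0/24 documentation range.
    for key, value in plan_slash29("192.0.2.8/29").items():
        print(f"{key:14} {value}")
```

Of the eight addresses in the /29, two are the network and broadcast addresses and two go to the router interfaces, so four remain for redirection on the NAT router in this layout.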