Date: Mon, 4 Jun 2001 21:44:23 -0500
From: Andrew Hesford <ajh3@usrlib.org>
To: FreeBSD-questions <freebsd-questions@freebsd.org>
Subject: Router/Firewall
Message-ID: <20010604214423.A70020@core.usrlib.org>

Suppose I have a block of IP addresses, let's say 128.252.130.0/0xfffffff0. I have a FreeBSD server with two network cards, dc0 and xl0. My ISP provides me with a gateway, 128.252.130.209. I wish to insert the FreeBSD server between my access line (a T1) and my internal network, while retaining publicly-addressable IP addresses on the internal network.

Let's say the external interface on the FreeBSD machine, xl0, is 128.252.130.211 and it connects directly to the T1 through a dedicated router and some crossover cable. dc0, which is connected to my internal network, will be called 128.252.130.220.

This setup poses a problem: I cannot seem to set the routing properly. I need any packet NOT going to 128.252.130.0/0xfffffff0 to be routed to 128.252.130.209 over xl0, and all packets going to my block to be handled over dc0 with no gateway. Setting a default route for the gateway, and a specific route over dc0, does not work. Nor does the other way around (as one might expect). The best I can do is be able to ping my internal network, or ping hosts on the Internet, but not both at one time.

Any information on proper routing, or a more preferred setup, would be appreciated. You don't need to recommend or explain NAT; this is how the network is configured at the moment. I would like to do away with NAT in order to keep internal hosts publicly addressable without fancy rewriting tricks.

Thanks,
--
Andrew Hesford
ajh3@usrlib.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message