From owner-freebsd-hackers  Thu Oct 24 23:53:06 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA28814
          for hackers-outgoing; Thu, 24 Oct 1996 23:53:06 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA28792;
          Thu, 24 Oct 1996 23:53:03 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by who.cdrom.com (8.7.5/8.6.11) with ESMTP id UAA14903
          ; Thu, 24 Oct 1996 20:27:04 -0700 (PDT)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id MAA16661; Fri, 25 Oct 1996 12:55:03 +0930
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199610250325.MAA16661@genesis.atrad.adelaide.edu.au>
Subject: Re: Is this network possible with FreeBSD ???
To: moos@degnet.baynet.de
Date: Fri, 25 Oct 1996 12:55:03 +0930 (CST)
Cc: jgreco@brasil.moneng.mei.com, freebsd-hackers@FreeBSD.org,
        questions@FreeBSD.org
In-Reply-To: <326F4584.2F7E@degnet.baynet.de> from "Darius Moos" at Oct 24, 96 09:31:32 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Darius Moos stands accused of saying:
> 
> Now what i want to do today as follows. Please make some suggestions,
> corrections or commitments on this. Again the picture is appended
> below.
> 1. The router is a KA9Q-ISPA-router, not capable of bridging.
> 2. The machines on the private company network (192.168.3.x) need
>    a gateway (the FreeBSD-box) and this gateway should be the
>    WWW-server, WWW-proxy and SMTP-server. I was told, the gateway
>    (the FreeBSD-box) has to have a IP in the private company network
>    (192.168.3.x), because they are all Windows machines and Windows
>    needs this (i don't know if Windows does it really need).

If the Windows machines are on the 192.168.3 network, then they need an
address on this network to route via.

> 3. ifconfigs for the FreeBSD-box:
>       ifconfig ed0 inet 1.2.3.253 netmask 0xffffff00
>       ifconfig ed0 inet 192.168.3.1 netmask 0xfffffc00 alias
> 4. I'll config the NE2000-device of the router to
>      1.2.3.36 with netmask 0xffffff00
> 5. I'll change the 100MBit-device of the router to
>      192.168.3.104 with netmask 0xfffffc00

I'll leave the above there for reference, but I'm going to suggest that you
consider the following :

Use the 192.168.3.x network for your Windows machines only.  Give them
a netmask of 0xffffff00, ie a /24 network.

Put the KA9Q box at, say, 192.168.3.254, and have this set as the 
gateway for the Windows machines.

Use the network 192.168.4.x/24 for the network between the KA9Q and
BSD boxes for carrying traffic for the Windows machines.  Tell the
Windows systems that their proxy is at 192.168.4.1, and alias this
onto the BSD system.

To achieve your outside routing from the BSD box to the rest of the
world, you add the 1.2.3.253 address onto the BSD system's interface,
and then add a default route via the address of the KA9Q box.

So, your /etc/sysconfig on the BSD box would look something like :

network_interfaces"ed0 ed0_alias lo0"
ifconfig_ed0="inet 1.2.3.254 netmask 255.255.255.0"
ifconfig_ed0_alias="inet 192.168.4.1 alias netmask 255.255.255.0"
...

defaultrouter="1.2.3.36"

Then you have to tell the KA9Q box that 192.168.4.x can be reached via
1.2.3.253.

So the picture changes to look like this :

                   +---------------+
                   | FreeBSD-2.1.0 |
                   |+-------------+|
                   ||   NE 2000   ||
                   || 192.168.4.1 ||
                   ||   1.2.3.253 ||
                   ++------o------++
                           |
                           |
                  ++-------o-------++
                  || NE 2000       ||
                  ||   1.2.3.36    ||
                  |+---------------+|
                  |                 |
                  |         +-------+
                  | Router  | ISDN  o------------o ISP  1.2.3.x
                  |         +-------+
                  |                 |
                  |+---------------+|
                  || 100 MBit      ||
                  || 192.168.3.104 ||
                  ++-------o-------++
                           |
                           |
                  ++-------o-----++
                  ||   100 MBit  ||
                  || 192.168.3.2 ||
                  |+-------------+|
                  |               |
                  |  192.168.3.x  |

note :

 - The network arrangement with your ISP smells really bad.  If you have
   1.2.3.x at both ends of the ISDN link, then something is very screwy
   and I suspect that nothing will work anyway.

   The addresses you've given on the 1.2.3 network imply that you have the
   entire range assigned to the ether between the router and the BSD
   system, so there's nowhere for the address at the other end of
   the ISDN link to live.  Without more details here (and some 
   explanation of KA9Q) I can't be more definite.

-- 
]] Mike Smith, Software Engineer        msmith@gsoft.com.au.au          [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[