Date: Sun, 7 Dec 2003 12:04:02 -0500 (EST) From: <liquid@istop.com> To: "Charles Swiger" <cswiger@mac.com>, "liquid@istop.com" <liquid@istop.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: routing, was: Re: <blank subject> Message-ID: <20031207170402.7302C174D5@ns.istop.com> In-Reply-To: <981F72FC-2824-11D8-8386-003065A20588@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Charles Swiger <cswiger@mac.com> said: > Hi, Liquid-- > > On Dec 6, 2003, at 3:06 AM, liquid@istop.com wrote: > > I'm going to have a static IP - say xx.xx.yy.zz - and a subnet as > > follows: > > xx.xx.xx.zz/28 > > Do you mean, "I am switching from a single static IP to a 16-address > subnet", or are you going to have both a static IP on one connection > AND a /28 subnet over a second connection? Sorry I wasn't clearer on that. I have one corporate DSL connection with a static IP. Along with the static IP, I'll get an additional /28 > > > 1. Do I need to inform the ISP of my intentions so that people can > > actually > > connect to an IP which is part of my subnet, but behind this router I > > intend > > to build? (I didn't think it was necessary until I read 19.2.5 in the > > handbook - it doesn't seem like it's necessary based on that alone, > > but it > > has placed some doubt in my mind). > > No, your ISP will route IP traffic for the subnet to you. On the other > hand, certainly you should talk to your ISP about your network topology > if you have any specific issues or questions for them. > > > 2. I currently run my FreeBSD router on a cable connection while > > waiting > > for the new ISP to get setup. I use NAT to translate the EXT. IP to > > the > > internal ones of my lan. I don't need to run nat for the setup I plan > > to > > have do I? > > No, you don't need NAT for IPs on your new subnet: they are "directly > Internet routable" if you want a buzzword. :-) However, you should > spend some time considering security and setting up a firewall. That's what I thought. Again I just needed someone else to say so too for me to be 100% certain. The whole reason for this is in fact security. I plan to do some webhosting, and also, to generate some additional revenue, give out a few accounts for irc bots. You KNOW that can be alot of trouble ;) I'm actually using an openbsd bridged firewall right now, have been for a couple of years and I like it. Firewalling on the FreeBSD box I intend to use as a router will only increase the security. Are there "tricks" regarding running ipf on the router that I should look into? > > Sometime later, you might want to consider how to have machines on your > new network be able to fail-over to your single-IP connection; and one > way of doing so would be to use a NAT gateway of your public IPs from > the /28 subnet via your original connection. [The inverse of > -unregistered_only.] > > > 3. Finally, I've read (briefly thus far) about routed on FreeBSD. > > Would > > this daemon be used in such a way that I don't even need to add static > > routes for LAN? > > Yes, but routed is really intended for dynamic routing within an > intranet, and is overkill for your situation. Specificly, you would > accomplish more by configuring DHCP on your FreeBSD machine and > broadcasting the correct default router IP than you would gain by using > routed. > > Ping all of your machines (or use the subnet broadcast address), and do > an "arp -a" to get MAC addrs, then set up host sections to allocate > static IPs via DHCP, so your machines can all be network > auto-configured even if you rebuild/reinstall the OS on a particular > box. > I think I'll just add the static routes for now. Sounds much simpler. Besides, with all these IP's, I still only have 6 machines behind this router... route add default gw my.isp.gateway route add net my./28.sub.net Those appear to be the only two route commands needed. Of course, I can only know for sure once I get my connection (sometime next week) and set it all up. In the future I may toy with routed just so I can know how it works. each of my machines will have wireless NIC's so they can interconnect using non-routable addresses and so I can connect to them from my desktop machine locally. Obviously I'm quite a routing nubile... my goal would be to setup routing so that from one machine who's address is in my subnet, I can connect to another machine within my subnet but ensure it's all done locally without going out beyond the router for two reasons: A) My monthly bandwidth is capped, B) It would only go at my internet connection speed, and not the full 10/100mbit of the LAN. > > Again, this address is not subscribed, so please answer by putting my > > address in the cc: field. > > Done. Thanks, and thanks also for the responses. Very helpful :) > > -- > -Chuck > > --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031207170402.7302C174D5>