Date:      Mon, 30 Apr 2001 08:00:18 -0700 (PDT)
From:      John Wilson <john_wilson100@excite.com>
To:        freebsd-hackers@freebsd.org
Subject:   ipfw routing/netmask problem
Message-ID:  <12354766.988642819102.JavaMail.imail@almond.excite.com>

I'm trying to set up a FreeBSD firewall for ~100 PCs and ~10 servers, and
I'm having some trouble with routing/netmasks.

I have 30 IP addresses assigned to me by my ISP, for the sake of this
example let's say I've got 90.91.92.0/27. The FreeBSD box has 2 interface
cards, fxp0 and fxp1, fxp0 connected to the router, fxp1 to the ethernet
switch.

The router is 90.91.92.1, fxp0 is 90.91.92.2, netmask 255.255.255.252
(broadcast 90.91.92.3)

fxp1 is bound to several IPs, 192.168.1.254 and 192.168.2.254 for two
different types of NAT clients, and 90.91.92.4 for the DMZ.

The intention is that NAT clients use 192.168.1.254 (or 192.168.2.254) as
their default gateway, and DMZ clients use 90.91.92.4.

The question is how to choose a netmask for fxp1 that would exclude the
default gateway (90.91.92.1), so the machine would route via fxp0.

Unfortunately, when I choose a netmask such as 255.255.255.227 (11100011),
I'm left with only 6 IPs for the DMZ:

90.91.92.8  (binary 1000)
90.91.92.12 (binary 1100)
90.91.92.16 (binary 10000)
90.91.92.20 (binary 10100)
90.91.92.24 (binary 11000)
90.91.92.28 (binary 11100)

This seems like a huge waste of IPs. If I choose any other mask, the
machine refuses to route via fxp0, because it thinks the default gateway is
accessible via fxp1.

Is there a way to save IPs (I need at least 12 DMZ IPs), while achieving
the same goal?

Thanks

John Wilson
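
The netmask comparison described in the message above, as an added example that is not part of the original e-mail: it applies the plain bitwise AND test to the addresses from the message and lists which addresses of the 90.91.92.0/27 block count as directly connected to fxp1 under each mask. The function and constant names are assumptions made for illustration, and the code makes no claim about how any particular kernel handles a non-contiguous mask.

```python
# Added illustration: addresses are the ones given in the message,
# every name below is hypothetical.
BLOCK_BASE = "90.91.92.0"   # start of the /27 allocation
BLOCK_SIZE = 32             # a /27 holds 32 addresses
FXP1 = "90.91.92.4"         # DMZ-side address of the firewall
GATEWAY = "90.91.92.1"      # upstream router, reachable via fxp0

def ip_to_int(addr):
    """Dotted quad -> 32-bit integer."""
    a, b, c, d = (int(p) for p in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def on_link(iface_addr, mask, target):
    """True if target ANDs to the same network as iface_addr under mask.

    Pure bit arithmetic, so it also accepts a non-contiguous mask such
    as 255.255.255.227, which the ipaddress module would reject.
    """
    m = ip_to_int(mask)
    return (ip_to_int(iface_addr) & m) == (ip_to_int(target) & m)

def on_link_set(iface_addr, mask):
    """All addresses of the allocation that match iface_addr under mask."""
    base = ip_to_int(BLOCK_BASE)
    candidates = (int_to_ip(base + i) for i in range(BLOCK_SIZE))
    return [a for a in candidates if on_link(iface_addr, mask, a)]

def compare(masks):
    """mask -> (gateway matches fxp1's network?, matching addresses)."""
    return {m: (on_link(FXP1, m, GATEWAY), on_link_set(FXP1, m)) for m in masks}

if __name__ == "__main__":
    masks = ["255.255.255.224", "255.255.255.240",
             "255.255.255.248", "255.255.255.227"]
    for mask, (gw_matches, addrs) in compare(masks).items():
        print(f"{mask}: gateway on fxp1 side={gw_matches}, "
              f"{len(addrs)} matching: {', '.join(addrs)}")
```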











