From owner-freebsd-hackers Thu Sep 11 23:24:06 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id XAA08484 for hackers-outgoing; Thu, 11 Sep 1997 23:24:06 -0700 (PDT)
Received: from counterintelligence.ml.org (mdean.vip.best.com [206.86.94.101]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA08477 for ; Thu, 11 Sep 1997 23:24:03 -0700 (PDT)
Received: from localhost (jamil@localhost) by counterintelligence.ml.org (8.8.7/8.8.5) with SMTP id XAA00582; Thu, 11 Sep 1997 23:22:55 -0700 (PDT)
Date: Thu, 11 Sep 1997 23:22:55 -0700 (PDT)
From: "Jamil J. Weatherbee"
To: Tom
cc: "J. Weatherbee - Chief Systems Engineer" , freebsd-hackers@FreeBSD.ORG
Subject: Re: Stupid Routing Situation
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Can you give me an example by possibly sending out netstat -r and
ifconfig -a? I have a 255.255.255.192; maybe I want to have like 8
computers on the segment between firewall and router (unprotected) and the
other 56 on the second segment (protected). I don't understand why I am so
confused as to how to do this, it is kind of nonstandard --- someone
mentioned using RFC 1918 addresses for the firewall interface and router
but I am pretty sure my router must use a "real" IP.

On Thu, 11 Sep 1997, Tom wrote:

>
> On Thu, 11 Sep 1997, J. Weatherbee - Chief Systems Engineer wrote:
>
> > I have an Ascend Pipeline 50 w/o firewall connected by a crossover cable to
> > a FreeBSD machine; the rest of the network is connected to a second
> > ethernet interface. I want to firewall the machines on the second
> > interface. This would be easy if I had two networks, but I don't have enough
> > IPs for that. It is kind of like I just want the machine to act as a
> > bridge but I also want that bridge to be firewalled. Any suggestions,
> > something I am missing? I have done this before with two ethernet segments
> > but like I said these aren't 192.168 addresses and I don't have enough for
> > two networks.
>
> How many addresses do you have? A 255.255.255.252 subnet will do fine
> for the P50 to server segment, since you only have two devices on it.
> Whatever you have left can be used on the other side. I've done this
> quite a few times.
>
> Tom
>
>
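
Added example, not part of the original thread: the address arithmetic behind the split discussed above, carving a 255.255.255.252 (/30) or a 255.255.255.248 (/29) outside segment from a 255.255.255.192 (/26) block and listing what is left for the protected side. The block 192.0.2.0/26 is a documentation placeholder (the thread never gives the real addresses) and all function names are assumptions.

```python
import ipaddress

# Placeholder block: 192.0.2.0/24 is reserved for documentation (RFC 5737).
# The thread only gives the 255.255.255.192 mask, not the real addresses.
BLOCK = "192.0.2.0/26"


def split_block(block, link_prefix=30):
    """Carve the first /link_prefix subnet out of block for the outside
    (router-to-firewall) segment; return it plus the CIDR blocks left inside."""
    net = ipaddress.ip_network(block)
    link = next(net.subnets(new_prefix=link_prefix))
    inside = sorted(net.address_exclude(link))
    return link, inside


def usable(net):
    """Host addresses in a subnet, excluding network and broadcast."""
    return net.num_addresses - 2


def segment_of(addr, link, inside):
    """Classify an address as 'outside', 'inside' or None (not in the block).
    Useful for checking which side of the firewall a host must sit on."""
    ip = ipaddress.ip_address(addr)
    if ip in link:
        return "outside"
    if any(ip in n for n in inside):
        return "inside"
    return None


def plan(block, link_prefix=30):
    """Return one printable line per subnet in the resulting address plan."""
    link, inside = split_block(block, link_prefix)
    lines = [f"outside {link} mask {link.netmask} hosts {usable(link)}"]
    for n in inside:
        lines.append(f"inside  {n} mask {n.netmask} hosts {usable(n)}")
    return lines


if __name__ == "__main__":
    # /30 for a two-device link, then /29 for an 8-address outside segment.
    for prefix in (30, 29):
        print("\n".join(plan(BLOCK, prefix)), end="\n\n")
```

With the /30 taken out, the remaining 60 addresses fall into four CIDR blocks (/30, /29, /28, /27) rather than one subnet, which is worth knowing before writing interface masks and firewall rules for the inside segment.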