Date:      Wed, 21 Nov 2001 09:08:41 -0500 (EST)
From:      Matthew Emmerton <matt@gsicomp.on.ca>
To:        "Patrick O'Reilly" <patrick@mip.co.za>
Cc:        Zak Johnson <zakj@fenris.cc>, FreeBSD Question List <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Complex routing for a firewall
Message-ID:  <Pine.BSF.4.21.0111210850490.37114-100000@xena.gsicomp.on.ca>
In-Reply-To: <NDBBIMKICMDGDMNOOCAIAEDODPAA.patrick@mip.co.za>

On Wed, 21 Nov 2001, Patrick O'Reilly wrote:

> > From: Zak Johnson [mailto:zakj@fenris.cc]
> > Sent: 20 November 2001 19:28
> >
> > Thank you.  According to my ISP, this is standard procedure for him; he
> > claims Linux can handle this sort of setup just fine, although he hasn't
> > shown me a working example.  At any rate, I'll have to convince him to
> > hand me out another IP in the gateway's netblock.
> 
> I dunno what he's smoking, but it must be good stuff!  :)
> 
> Anyway, I suspect I am preaching to the converted.  What surprises me is
> that an ISP (whose one and only order of business is IP networking) is
> apparently confused about how it should work!

Ahem, well, in my experience, ISPs are usually staffed with the most
under-knowledged, technologically incompetent IT staff.

Take one *excellent* example of how not to do things.  I just set up two
DSL links.  They gave us a static IP, and their internal network (over
DSL) is 10.10.x.x.  That sounds just peachy, right?

Well, think again.  During PPP negotiation, I get my IP (209.167.x.x) and
my default gateway, which is 171.68.187.1.  The only problem is that this
IP is in a netblock owned by Cisco (and according to hostnames in a
traceroute from a different ISP, it's somewhere in the Bay area, which is
about 3000 miles away from me.)

I figure the only reason this works is that none of their customers are
running routing daemons.  (I would hate to see what would happen if I
started up routed and accidentally dropped Cisco off the 'net.  I asked
the tech dude and he said "oh, don't worry, that's on our private
network".  Yeah, whatever.)

So, unless you have the luxury of working with an ISP that employs staff
who know the basics of IP networking, watch out for weird and wacky
configurations that work, even though they shouldn't.

--
Matt Emmerton

