Date: Mon, 4 Jun 2001 21:44:23 -0500
From: Andrew Hesford
To: FreeBSD-questions
Subject: Router/Firewall
Message-ID: <20010604214423.A70020@core.usrlib.org>

Suppose I have a block of IP addresses, let's say 128.252.130.0/0xfffffff0. I have a FreeBSD server with two network cards, dc0 and xl0. My ISP provides me with a gateway, 128.252.130.209.

I wish to insert the FreeBSD server between my access line (a T1) and my internal network, while retaining publicly addressable IP addresses on the internal network. Let's say the external interface on the FreeBSD machine, xl0, is 128.252.130.211 and it connects directly to the T1 through a dedicated router and some crossover cable. dc0, which is connected to my internal network, will be called 128.252.130.220.

This setup poses a problem: I cannot seem to set the routing properly. I need any packet NOT going to 128.252.130.0/0xfffffff0 to be routed to 128.252.130.209 over xl0, and all packets going to my block to be handled over dc0 with no gateway. Setting a default route for the gateway, and a specific route over dc0, does not work. Nor does the other way around (as one might expect). The best I can do is be able to ping my internal network, or ping hosts on the Internet, but not both at one time.

Any information on proper routing, or a more preferred setup, would be appreciated. You don't need to recommend or explain NAT; this is how the network is configured at the moment. I would like to do away with NAT in order to keep internal hosts publicly addressable without fancy rewriting tricks.

Thanks,

-- 
Andrew Hesford
ajh3@usrlib.org
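The following is an added example, not part of the post, that models why the route table described above cannot work: the ISP gateway sits inside the same /28 that is routed to dc0, so the default route's next hop resolves to the internal interface. It assumes the block meant is 128.252.130.208/28 (the post writes 128.252.130.0/0xfffffff0, but .209, .211 and .220 all fall in .208/28), and the "split" table with a /32 host route for the gateway on xl0 is the editor's assumed fix, not something the post gives; 198.51.100.7 is a constructed Internet destination.

```python
import ipaddress

# Values from the post, with the /28 assumed to be 128.252.130.208/28
# (the one that actually contains the gateway and both interfaces).
BLOCK = ipaddress.ip_network("128.252.130.208/28")
GATEWAY = ipaddress.ip_address("128.252.130.209")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def gateway_inside_block(block=BLOCK, gateway=GATEWAY):
    """Root cause: a network route for the /28 over dc0 also captures the
    ISP gateway, so the default route's next hop lands on dc0."""
    return gateway in block


def lookup(routes, dst):
    """Longest-prefix match over (prefix, interface, next_hop) entries.
    Attached routes carry next_hop=None; gateway routes carry interface=None."""
    dst = ipaddress.ip_address(str(dst))
    candidates = [r for r in routes if dst in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)


def egress(routes, dst):
    """Interface a packet to dst leaves on. As in the BSD kernel, a gateway
    route is usable only if its next hop matches an attached route; the
    packet then leaves on that attached route's interface."""
    match = lookup(routes, dst)
    if match is None:
        return None
    _prefix, iface, next_hop = match
    if next_hop is None:
        return iface
    via = lookup(routes, next_hop)
    return via[1] if via is not None and via[2] is None else None


def naive_routes():
    """What the post tried: default via the gateway plus the /28 over dc0."""
    return [(DEFAULT, None, GATEWAY), (BLOCK, "dc0", None)]


def split_routes():
    """Assumed fix (not from the post): a /32 host route pins the gateway to
    xl0, so the default next hop resolves there while the rest of the /28
    stays on dc0. xl0 must not carry its own /28 connected route."""
    return [(ipaddress.ip_network(f"{GATEWAY}/32"), "xl0", None),
            (BLOCK, "dc0", None),
            (DEFAULT, None, GATEWAY)]


if __name__ == "__main__":
    for name, table in (("naive", naive_routes()), ("split", split_routes())):
        print(name, egress(table, "198.51.100.7"), egress(table, "128.252.130.222"))
```

In the naive table Internet-bound traffic leaves on dc0, which matches the symptom of reaching one side but not both; on a real box the split table additionally needs proxy ARP on both sides, since the internal hosts and the upstream router each believe the other is on their own LAN (an assumption of this example, not something the post states).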