From owner-freebsd-isp Tue Oct 19 21:25:26 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from phoenix.aye.net (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id 963F518350 for ; Tue, 19 Oct 1999 21:25:21 -0700 (PDT) (envelope-from barrett@phoenix.aye.net)
Received: (qmail 22083 invoked by uid 1000); 20 Oct 1999 04:26:24 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 20 Oct 1999 04:26:24 -0000
Date: Wed, 20 Oct 1999 00:26:24 -0400 (EDT)
From: Barrett Richardson
To: FreeBSD -- The Power to Serve
Cc: FreeBSD -- The Power to Serve , questions@freebsd.org, isp@freebsd.org
Subject: Re: quick gated questions
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 19 Oct 1999, FreeBSD -- The Power to Serve wrote:

> Aye, but I want to use SEPARATE routers for each device.. It's a must
> since each connection has filters upstream to prevent use of other IP
> addresses that aren't on their network (spoof protection), therefore they
> must each be using their own network, so they can't all use the same
> network..
> Thanks in advance (again)
> Jason DiCioccio

Ok. Here's what I think I understand of your problem. You are directly
connected to subnet 208.45.16.x/y and there is a gateway on that subnet,
208.45.16.248, beyond which is a larger network I'll call A. You are
also directly connected to a subnet 205.252.42.x/y and the gateway on
that network, 205.252.42.97, connects to a larger network I'll call B.
A filters B, and B filters A.

For accesses to your box that originate on network A, you need the
return traffic to go back to A via 208.45.16.248. Likewise, you need
packets that are return traffic to network B to exit your topology via
205.252.42.97. Am I right?

To do this, your box must know the subnets that are both in network A,
and network B.
You need static routes for each of them, or your box must learn them
via a routing protocol. Also, you must take care that your applications
are not bound to a particular IP address or the return traffic to one
of the networks will have a filtered IP address.

Alternatively, you may be able to use ipfw and rule-based forwarding as
a means to the end. Say your box's IP addresses are 208.45.16.a and
205.252.42.b. You apply a rule that forwards packets with a source
address of 208.45.16.a to 208.45.16.249. You apply another rule that
forwards packets with a source address of 205.252.42.b to
205.252.42.97. You may want to have some extra rules to ensure that
traffic destined to the attached subnets doesn't get bounced off the
routers.

- Barrett
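
The ipfw approach described in the reply above, as an added example that is not part of the original message: a dry-run sh script that prints one exemption rule and one `fwd` rule per uplink. The host addresses (.10, .100), the prefix lengths, the rule numbers and the function names are constructed, since the message gives the addresses only as "a", "b" and "x/y"; the gateways are the two named in the topology description. On FreeBSD of that period the `fwd` action required a kernel built with `options IPFIREWALL_FORWARD`.

```sh
#!/bin/sh
# Added example: print ipfw rules that forward by source address (dry run).
# Host addresses, prefix lengths and rule numbers below are constructed.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# pbr_rules NUM SRC NET GW: print the two rules for one uplink.
#   NUM  first rule number (the fwd rule gets NUM+10)
#   SRC  this box's address on the uplink
#   NET  directly attached subnet, CIDR form (prefix length not validated)
#   GW   gateway on that subnet
pbr_rules() {
    num=$1 src=$2 net=$3 gw=$4
    is_ipv4 "$src" && is_ipv4 "${net%/*}" && is_ipv4 "$gw" || {
        echo "pbr_rules: bad address in: $*" >&2
        return 1
    }
    # Hosts on the attached subnet are reached directly, not via the router.
    # "allow" ends rule processing, so place any filtering rules before it.
    echo "ipfw add $num allow ip from $src to $net"
    # Everything else sourced from SRC leaves through this uplink's gateway,
    # so the upstream anti-spoofing filter sees an address it expects.
    echo "ipfw add $((num + 10)) fwd $gw ip from $src to any"
}

# generate: rule set for the two uplinks in the message.
generate() {
    pbr_rules 1000 208.45.16.10 208.45.16.0/24 208.45.16.248 &&
    pbr_rules 2000 205.252.42.100 205.252.42.96/27 205.252.42.97
}

generate
```

The script only prints commands; review the output before running it as root on the multi-homed box.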