Date: Tue, 8 May 2001 22:29:16 +0400 From: "Artem Koutchine" <matrix@ipform.ru> To: <questions@FreeBSD.ORG> Subject: Networks routing, natd and subnetting question Message-ID: <008d01c0d7ec$cb2dbd40$0c00a8c0@ipform.ru>
next in thread | raw e-mail | index | archive | help
Hi! I haven't asked any questions for a while now but today i stumbled into a seemenly simple problem and cannot solve it. I have an allocated ip network for my intranet: xxx.yyy.zzz.96 netmask 224 (0xffffffe0) the local network is connected to the outer world like this: CISCO 1601 <->FREEBSD <-> bunch of Win/FBSD pcs the 'bunch' only uses for now 192.168.a.b network to make it totaly safe. CISCO has xxx.yyy.zzz.97 and FreeBSD has two interfaces ed0 (external to CISCO) xxx.yyy.zzz.98 and ed1 (internal to local network) 192.168.0.1 Local network goes to internet using natd (--unregistered-only -l -use_sockets on interface ed0). Routes on the FreeBSD are: netstat -rn default xxx.yyy.zzz.97 UGSc 10 21354 ed0 127.0.0.1 127.0.0.1 UH 5 50 lo0 192.168 link#2 UC 0 0 ed1 => xxx.yyy.zzz.96/27 link#1 UC 0 0 ed0 => Everything works fine. But a problem came up. One of the local network machines REALLY needs a real IP address to be accessed from the outer world. The machine should have the address xxx.yyy.zzz.102 As i see i have two options: 1) Assign xxx.yyy.zzz.102 as an alias IP address to ed0 on the FreeBSD and use nat to redirect all traffic from xxx.yyy.zzz.102 to 192.168.0.102. The question is: How do i do that? Do I just add extra option to natd (-redirect_address) or i need to add some ipfw rule too? 2) Route this address directly, so, natd is not used at all and the machine on the localnet gets a real IP. Here is what i tried: I changed 192.168.0.102 to xxx.yyy.zzz.102 and on the FreeBSD box added: route add -host xxx.yyy.zzz.102 interface ed1 ping xxx.yyy.zzz.102 got: 36 bytes from localhost (192.168.0.1): Time to live exceeded Vr 4 Hl 5 TOS 00 Len 5400 ID 0755 Flg 0 off 0000 TTL 01 Pro 01 cks 77a6 Src 192.168.0.1 Dst xxx.yyy.zzz.102 also tried: route add -host xxx.yyy.zzz.102 192.168.0.1 got the same problem. Now, i went further and split the network i got (xxx.yyy.zzz.96 255.255.255.224) into two subnetworks: SN1: xxxx.yyy.zzz.96 255.255.255.240 SN2: xxxx.yyy.zzz.112 255.255.255.240 SN1 is routed via ed0 and SN2 via ed1: netstat -rn xxx.yyy.zzz.96/28 link#1 UC 0 0 ed0 => xxx.yyy.zzz.112/28 link#2 UCSc 1 0 ed1 => Instead of .102 i assigned .113 address to the localnetwork host (to match SN2). Now i can do ping from FreeBSD to xxx.yyy.zzz.113 and i can do ping from xxx.yyy.zzz.113 to FreeBSD (192.168.0.1) However, I cannot ping external interface (ed0) on the FreeBSD from xxx.yyy.zzz.113. Nor i can ping xxx.yyy.zzz.114 from outerworld (beyond CISCO). BTW: 113 is a WIN98 box. The questions are: 1) What's the deal with not being able to ping external interface of FreeBSD? I can't even figure out where the problem with routing is: On 113 or on FreeBSD? 2) CISCO routes xxx.yyy.zzz.96 255.255.255.224 to FreeBSD and back, when I do subnetwork to I have to inform CISCO about this in any way? 3) This subnetworking wastes 16 addresses. Is there any way not waste them like this? (wasted addresses are those in the extrernal subnetwork SN1, because all other pcs are behind FreeBSD and this will be always like this). Sorry for the mess, I tried to explain in detail what i got. Help will be very appriciated. Thanks in advance, Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008d01c0d7ec$cb2dbd40$0c00a8c0>