From owner-freebsd-questions Tue May 8 12: 9:52 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dsl-64-193-218-89.telocity.com (dsl-64-193-218-89.telocity.com [64.193.218.89]) by hub.freebsd.org (Postfix) with SMTP id ED09337B423 for ; Tue, 8 May 2001 12:09:48 -0700 (PDT) (envelope-from lucas@slb.to)
Received: (qmail 641 invoked by uid 1000); 8 May 2001 19:10:07 -0000
Date: Tue, 8 May 2001 14:10:07 -0500
From: Lucas Bergman
To: Artem Koutchine
Cc: questions@FreeBSD.ORG
Subject: Re: Networks routing, natd and subnetting question
Message-ID: <20010508141007.A25810@billygoat.slb.to>
Reply-To: lucas@slb.to
References: <000001c0d7af$db8d67e0$71a59ed4@ipform.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000001c0d7af$db8d67e0$71a59ed4@ipform.ru>; from matrix@ipform.ru on Tue, May 08, 2001 at 03:08:49PM +0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I have an allocated IP network for my intranet: xxx.yyy.zzz.96
> netmask 224 (0xffffffe0)
>
> The local network is connected to the outer world like this:
>
> CISCO 1601 <-> FREEBSD <-> bunch of Win/FBSD PCs. The 'bunch' only
> uses the 192.168.a.b network for now, to make it totally safe. The
> CISCO has xxx.yyy.zzz.97 and the FreeBSD box has two interfaces: ed0
> (external, to the CISCO) xxx.yyy.zzz.98 and ed1 (internal, to the
> local network) 192.168.0.1. The local network goes to the Internet
> using natd (--unregistered-only -l -use_sockets on interface ed0)...
>
> One of the local network machines REALLY needs a real IP address to
> be accessed from the outer world. The machine should have the
> address xxx.yyy.zzz.102...

Okay, check.

> 1) Assign xxx.yyy.zzz.102 as an alias IP address to ed0 on the
> FreeBSD box and use NAT to redirect all traffic from xxx.yyy.zzz.102
> to 192.168.0.102. The question is: how do I do that? Do I just add
> an extra option to natd (-redirect_address), or do I need to add
> some ipfw rule too?
It's been a while since I've used stock natd (I made the switch to
ipfilter/ipnat), but I think that's fine. If NAT is working for you
already, then your firewall rules are already okay; i.e., they make sure
that natd sees anything coming in or going out via the external
interface. Don't forget 'netmask 0xffffffff' for the alias.

> 2) Route this address directly, so natd is not used at all and the
> machine on the local net gets a real IP. Here is what I tried: I
> changed 192.168.0.102 to xxx.yyy.zzz.102 and on the FreeBSD box
> added:
> route add -host xxx.yyy.zzz.102 interface ed1
> ping xxx.yyy.zzz.102
>
> [schnipp]

Hmm... all this contortion is necessary because your physical topology
(the arrangement of Cat. 5 cable among Ethernets) doesn't match your IP
topology. In particular, you want the machine with address x.y.z.102 to
be hooked up to the 192.168.0.0/24 network, instead of hooked up to the
x.y.z.96/27 network, where it belongs. Before getting into obscure
routing/ARP issues, try the "hardware" solution:

0) Assign x.y.z.102 to the box that needs that address, and physically
   hook it up to the proper network; i.e., run a cable from that
   machine's port in the patch panel (or whatever) to the 1601, instead
   of to the hub hooked up to the FreeBSD box (or configure your
   switching hub to put that box on the same 'net as the 1601, etc.).

This puts Ethernets and IP subnets in one-to-one correspondence, which
means no baroque routing is necessary.

Lucas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
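Option 1 (alias on ed0 plus a static natd mapping), worked through as an added example that is not part of Lucas's reply, the original question, or any FreeBSD project code. It uses 203.0.113.96/27 as a constructed stand-in for the poster's xxx.yyy.zzz.96/27, keeps the poster's natd flags, and before printing anything checks two things a practitioner would want checked: that the public address is a usable host inside the allocated /27 (not the network or broadcast address), and that the inside host is RFC 1918 space, since natd's -unregistered_only only translates such sources. The helper names (ip2int, prefix2mask, in_net, usable_in_block, is_private, emit_commands) are my own; the -redirect_address localIP publicIP form and the ipfw divert rule are the ones documented for natd(8) and ipfw(8).

```shell
#!/bin/sh
# Added example, not from the original thread.  Sanity-checks the
# addresses behind option 1 (alias on ed0 + natd static mapping), then
# prints the commands.  203.0.113.96/27 is a constructed stand-in for
# the poster's xxx.yyy.zzz.96/27; 192.168.0.102 is the inside host.

# Dotted quad -> unsigned integer (plain POSIX sh arithmetic).
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( a * 16777216 + b * 65536 + c * 256 + d ))
}

# Prefix length -> integer mask, e.g. 27 -> 4294967264 (0xffffffe0).
prefix2mask() {
    m=0; i=0
    while [ "$i" -lt 32 ]; do
        if [ "$i" -lt "$1" ]; then m=$(( m * 2 + 1 )); else m=$(( m * 2 )); fi
        i=$(( i + 1 ))
    done
    echo "$m"
}

# Exit status 0 if address $1 lies inside $2/$3.
in_net() {
    mask=$(prefix2mask "$3")
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# "yes" if $1 is a usable host address in $2/$3: inside the block and
# neither the network nor the broadcast address.
usable_in_block() {
    if ! in_net "$1" "$2" "$3"; then echo no; return; fi
    addr=$(ip2int "$1"); mask=$(prefix2mask "$3")
    net=$(( $(ip2int "$2") & mask )); bcast=$(( net | (4294967295 - mask) ))
    if [ "$addr" -ne "$net" ] && [ "$addr" -ne "$bcast" ]; then echo yes; else echo no; fi
}

# "yes" if $1 is RFC 1918 space.  natd -unregistered_only translates
# only such sources, so a non-private inside host would never be NATed.
is_private() {
    if in_net "$1" 10.0.0.0 8 || in_net "$1" 172.16.0.0 12 || in_net "$1" 192.168.0.0 16; then
        echo yes
    else
        echo no
    fi
}

# Print the FreeBSD commands for: external interface $1, public block
# $2/$3, public address $4 to expose, inside host $5.  Fails (exit 1)
# instead of printing anything if the addresses do not fit.
emit_commands() {
    ext=$1; block=$2; plen=$3; pub=$4; inside=$5
    [ "$(usable_in_block "$pub" "$block" "$plen")" = yes ] \
        || { echo "$pub is not a usable host in $block/$plen" >&2; return 1; }
    [ "$(is_private "$inside")" = yes ] \
        || { echo "$inside is not RFC 1918; -unregistered_only would skip it" >&2; return 1; }
    # Second address in the same subnet as ed0's primary: FreeBSD wants
    # the all-ones netmask here (Lucas's "netmask 0xffffffff" remark).
    echo "ifconfig $ext inet $pub netmask 0xffffffff alias"
    # Everything crossing the external interface has to reach natd.
    echo "ipfw add divert natd all from any to any via $ext"
    # Static one-to-one mapping: packets for $pub go to $inside and back.
    echo "natd -n $ext -unregistered_only -l -use_sockets -redirect_address $inside $pub"
}

emit_commands ed0 203.0.113.96 27 203.0.113.102 192.168.0.102
```

Run the printed commands as root on the FreeBSD box (they belong in rc.conf / natd.conf once they work). The divert rule is the minimum; as Lucas says, a ruleset that already NATs the LAN has it. One caveat: -redirect_address maps every port of the inside host, so 192.168.0.102 becomes reachable from the Internet on all services it runs, and the ipfw rules in front of the divert should restrict inbound traffic to 203.0.113.102 to the ports actually meant to be public.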