From owner-freebsd-hackers  Thu Sep 11 22:18:20 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id WAA03988
          for hackers-outgoing; Thu, 11 Sep 1997 22:18:20 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id WAA03974
          for <freebsd-hackers@freebsd.org>; Thu, 11 Sep 1997 22:18:16 -0700 (PDT)
Received: from tom by misery.sdf.com with smtp (Exim 1.62 #1)
	id 0x9O2g-0001UD-00; Thu, 11 Sep 1997 22:13:18 -0700
Date: Thu, 11 Sep 1997 22:13:17 -0700 (PDT)
From: Tom <tom@sdf.com>
To: "J. Weatherbee - Chief Systems Engineer" <root@acromail.ml.org>
cc: freebsd-hackers@freebsd.org
Subject: Re: Stupid Routing Situation
In-Reply-To: <Pine.BSF.3.96.970911192854.16841A-100000@acromail.ml.org>
Message-ID: <Pine.BSF.3.95q.970911221115.5349A-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Thu, 11 Sep 1997, J. Weatherbee - Chief Systems Engineer wrote:

> I have a ascend pipeline 50 w/o firewall connected by a crossover cable to
> a freebsd machine the rest of the network is connected to a second
> ethernet interface. I want to firewall the machines on the second
> interface. This would be easy if I two networks, but I dont have enough
> IP's for that. It is kind of like I just want the machine to act as a
> bridge but I also want that bridge to be firewalled. Any suggestions,
> something I am missing. I have done this before with two ethernet segments
> but like I said these aren't 192.168 addresses and I don't have enough for
> two networks.

  How many addresses do you have?  A 255.255.255.252 subnet will do fine
for the P50 to server segment, since you only have two devices on it.
Whatever you have left can be used on the other side.  I've done this
quite a few times.

Tom