From owner-freebsd-questions Thu Aug 17 0:44:17 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
    by hub.freebsd.org (Postfix) with ESMTP id CAA7C37B510
    for ; Thu, 17 Aug 2000 00:44:13 -0700 (PDT)
    (envelope-from cjc@149.211.6.64.reflexcom.com)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149])
    by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
    Thu, 17 Aug 2000 00:43:04 -0700
Received: (from cjc@localhost)
    by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id AAA83825;
    Thu, 17 Aug 2000 00:44:08 -0700 (PDT)
    (envelope-from cjc)
Date: Thu, 17 Aug 2000 00:44:03 -0700
From: "Crist J . Clark"
To: Steve Lewis
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Q: network topologies, routing, TCP/IP
Message-ID: <20000817004403.F28027@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from nepolon@systray.com on Wed, Aug 16, 2000 at 03:38:18PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Aug 16, 2000 at 03:38:18PM -0700, Steve Lewis wrote:

[snip]

> We have two IP addresses available, only one of which is currently in use
> (1.2.3.4 as above, and 1.2.3.5 is still available). The second IP
> resolves by DNS to the name of the bastion host (basthost.domain.org), and
> I can use NATD & IPFW to pass traffic on allowed ports to basthost (I know
> how, anticipate no problem there).
>
> The problem is this:
> I need to have traffic destined to 1.2.3.5 to be routed through 1.2.3.4
> (frontline).
>
> How can I do this? I can think of a few ways it may be possible:

Yes.

> 1) Bind 2 IPs to one interface. I have seen it done in Linux, but I can't
> find a way to do this with FreeBSD in the docs. How can I bind 1.2.3.5 to
> frontline's public interface in addition to its current IP address?

Read ifconfig(8),

     The following parameters may be set with ifconfig:
     .
     .
     .
     alias   Establish an additional network address for this interface.
             This is sometimes useful when changing network numbers, and
             one wishes to accept packets addressed to the old interface.
             If the address is on the same subnet as the first network
             address for this interface, a netmask of 0xffffffff has to be
             specified.

> 2) Will I need to resort to using a routing package (routed, gated, etc)
> to do this? I want to avoid running such a package on the firewall for
> reasons which should be easy to discern.

No need.

> 3) Will I need to have my upstream provider adjust routing for 1.2.3.5 at
> their end? If so, is this in combination with #2 above?

They are assuming 1.2.3.4 and 1.2.3.5 are on the same wire now?

Anyway, I suggest using the 'redirect_address' feature of natd(8). Put
this other box behind the firewall with one of your RFC1918 numbers
and redirect 1.2.3.5 to that machine.

--
Crist J. Clark                           cjclark@alum.mit.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
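
The setup suggested in the reply above (an ifconfig alias for 1.2.3.5 with an all-ones netmask, plus natd's redirect_address pointing at an RFC1918 host), as an added example that is not part of the original message. It is a dry run that only prints rc.conf lines; the interface name fxp0, the internal address 192.168.1.10, the function names and the refusal of non-RFC1918 targets are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message. Dry run only: it prints the
# FreeBSD rc.conf lines for the alias + natd redirect_address approach and
# changes nothing on the system.

# is_rfc1918 ADDR: succeed for 10/8, 172.16/12 and 192.168/16 addresses
# (prefix check only, octet ranges are not validated).
is_rfc1918() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.*.*.*)
            octet=${1#172.}
            octet=${octet%%.*}
            case "$octet" in
                1[6-9]|2[0-9]|3[01]) return 0 ;;
            esac ;;
    esac
    return 1
}

# plan_redirect IFACE PUBLIC_IP PRIVATE_IP (hypothetical helper)
# Refuses a redirect target that is not an RFC1918 address.
plan_redirect() {
    iface=$1 public=$2 private=$3
    if ! is_rfc1918 "$private"; then
        echo "refusing: $private is not an RFC1918 address" >&2
        return 1
    fi
    # Alias on the same subnet as the primary address: ifconfig(8) requires
    # a netmask of 0xffffffff.
    echo "ifconfig_${iface}_alias0=\"inet ${public} netmask 0xffffffff\""
    echo "gateway_enable=\"YES\""
    echo "natd_enable=\"YES\""
    echo "natd_interface=\"${iface}\""
    # natd(8) argument order is: -redirect_address localIP publicIP
    echo "natd_flags=\"-redirect_address ${private} ${public}\""
}

# Constructed sample values: fxp0 and 192.168.1.10 are placeholders.
plan_redirect fxp0 1.2.3.5 192.168.1.10
```

redirect_address forwards all traffic addressed to 1.2.3.5, so the ipfw rules on frontline still have to limit it to the allowed ports.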