From owner-freebsd-questions@FreeBSD.ORG Wed Jan 26 02:42:28 2005
Return-Path: 
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26A8C16A4CE for ; Wed, 26 Jan 2005 02:42:28 +0000 (GMT)
Received: from galilee.polands.org (CPE-24-208-53-189.new.rr.com [24.208.53.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5526343D53 for ; Wed, 26 Jan 2005 02:42:27 +0000 (GMT) (envelope-from djp@polands.org)
Received: from jericho.polands.org (jericho.polands.org [172.16.1.35]) by galilee.polands.org (8.12.9/8.12.9) with ESMTP id j0Q2gQRZ063374 for ; Tue, 25 Jan 2005 20:42:26 -0600 (CST) (envelope-from djp@polands.org)
Received: from jericho.polands.org (localhost [127.0.0.1]) by jericho.polands.org (8.13.1/8.13.1) with ESMTP id j0Q2gQFx050224 for ; Tue, 25 Jan 2005 20:42:26 -0600 (CST) (envelope-from djp@jericho.polands.org)
Received: (from djp@localhost) by jericho.polands.org (8.13.1/8.13.1/Submit) id j0Q2gPPL050223 for questions@freebsd.org; Tue, 25 Jan 2005 20:42:25 -0600 (CST) (envelope-from djp)
Date: Tue, 25 Jan 2005 20:42:25 -0600
From: Doug Poland
To: questions@freebsd.org
Message-ID: <20050126024201.GA49980@polands.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
Subject: Running public IPs inside an RFC 1597 network
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Wed, 26 Jan 2005 02:42:28 -0000

Hello,

I'm running a typical Class C RFC 1597 network in my lab. What I want to do is create another network, accessible from my private addresses, that uses public IPs. The public IPs exist in the wild, but I want to have an isolated environment where I can test what happens in public space, in my lab, before I deploy changes.
All the machines in question are running 5.3-STABLE. What I've set up so far are two test servers, host1 (H1) and host2 (H2), with public IPs, and a gateway (GW) machine with one public IP and one private IP. All three machines are on a switch; the gateway has two NICs, one on the public switch and one on the private switch. e.g.,

     External IP          Internal IP      Defaultrouter IP
     -------------------- --------------   ----------------
GW   123.456.789.1/24     10.20.30.40/24   10.20.30.1
H1   123.456.789.154/24                    123.456.789.1
H2   123.456.789.161/24                    123.456.789.1

I can ping between the 3 "public" IPs fine until I turn on the GW interface with the private IP. At that point, the GW cannot ping the two "public" servers.

Obviously I'll need NATing from the GW to H1 and H2 if I want packets from other hosts on my private network to see the "public" servers. What I can't figure out is how to tell my GW machine that packets destined for the 123.456.789.0/24 network are to go through my other NIC, not out through the GW's default router.

I hope I've explained the situation clearly. Googling and reading the friendly manuals has not revealed a solution to me.

-- 
Regards,
Doug
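The routing decision the post asks about, as an added example that is not part of the original message or any reply to it: a POSIX sh script that performs the same longest-prefix-match lookup the GW's kernel would (what `route -n get <dst>` reports on FreeBSD) over a constructed routing table containing the default route via the private gateway plus an explicit route for the lab "public" /24 pointing at the second NIC. It shows why such a /24 route wins over the default route for the lab hosts while other destinations still leave via the defaultrouter. Assumptions, not taken from the post: 192.0.2.0/24 (RFC 5737 TEST-NET-1) stands in for 123.456.789.0/24, which is not a valid IPv4 prefix; fxp0 and fxp1 are hypothetical interface names; the `route add -net ... -iface` and rc.conf `static_routes` forms in the comments are the documented FreeBSD syntax but the specific entries are illustrative.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Simulates longest-prefix-match
# route selection over a constructed table. On FreeBSD the equivalent live
# routes would be installed with, e.g. (assumed interface names):
#   route add -net 192.0.2.0/24 -iface fxp1
# or persistently in /etc/rc.conf:
#   static_routes="lab"
#   route_lab="-net 192.0.2.0/24 -iface fxp1"

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask for a prefix length 0..32, as a 32-bit integer.
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Constructed routing table: "prefix gateway interface", one route per line.
# 192.0.2.0/24 stands in for the post's 123.456.789.0/24 (assumption).
ROUTES="0.0.0.0/0 10.20.30.1 fxp0
10.20.30.0/24 link#fxp0 fxp0
192.0.2.0/24 link#fxp1 fxp1"

# Print the most specific matching route for a destination address.
route_lookup() {
    dst=$(ip2int "$1")
    best_len=-1
    best=""
    while read -r prefix gw ifc; do
        [ -n "$prefix" ] || continue
        net=${prefix%/*}
        len=${prefix#*/}
        mask=$(prefix_mask "$len")
        if [ $(( dst & mask )) -eq $(( $(ip2int "$net") & mask )) ] \
           && [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best="$prefix $gw $ifc"
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best"
}

# Demonstration: lab "public" hosts go out fxp1, everything else via default.
for d in 192.0.2.154 192.0.2.161 10.20.30.7 198.51.100.9; do
    printf '%-15s -> %s\n' "$d" "$(route_lookup "$d")"
done
```

Without the explicit /24 route, the 0.0.0.0/0 entry is the only match for 192.0.2.x and traffic for the lab hosts is sent to 10.20.30.1 instead of the second NIC; with it, the 24-bit match is preferred regardless of the order the routes were added.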