Date:      Thu, 18 Apr 2002 22:25:38 -0600
From:      Brett Glass <brett@lariat.org>
To:        freebsd-net@freebsd.org
Subject:   Configuring a router to work on an unregistered internal subnet
Message-ID:  <4.3.2.7.2.20020418220457.0223da60@nospam.lariat.org>

I'm in the process of creating a router which will sit on an ISP's 
internal subnet, which uses unregistered addresses. The router's upstream 
interface will have an unregistered address, say, 10.X.Y.Z. Its 
downstream interfaces will have registered IPs, so it looks like this:

                                    _ A.B.C.1 -> feeds A.B.C/25
                        10.X.Y.Z   /
ISP and Internet ---------[Router]\_ A.B.D.1 -> feeds A.B.D/26
   10.X.Y/24                            etc.

But here's the rub. When the router communicates with the outside world 
on its own behalf (which it has to do; it's going to serve as a 
transparent Web cache as well as a router), it needs to use one of its 
registered addresses as the source address, or the packets won't leave 
the ISP's internal network.

My first attempt at configuring a FreeBSD machine to do this didn't work. 
When attempting to speak to the Internet at large, it used its 10.X.Y.Z 
address as the source address on its packets, and of course this caused 
them to stop at the ISP's gateway router (which is not doing NAT). What's 
the easiest way to tell it to use the address of one of its internal 
interfaces (say, A.B.C.1) when talking to the rest of the world, but send 
those packets out the 10.X.Y.Z interface?

Also, if I'm doing an FTP install of FreeBSD on the router (I want to 
load 4.5-RELEASE-p3 rather than 4.5-RELEASE, to nuke the zlib, OpenSSH, 
and tcp memory leak bugs), how do I configure the interfaces, etc. from 
sysinstall to do The Right Thing? (If this is really tough, I do have 
another network I can plug the machine into, but I'll have to unbolt it 
from a rack and schlep it to another part of the building.)

--Brett Glass

P.S. -- I'm not currently subscribed to FreeBSD-net, so please copy me on 
responses.

