Date: Thu, 9 Aug 2001 10:07:52 -0400
From: "webdesigns COMNET" <webdesigns@comnet.ca>
To: "Krzysztof Zaraska" <kzaraska@student.uci.agh.edu.pl>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Routes
Message-ID: <001501c120dc$ae732440$bd7ba8c0@critter>
References: <Pine.BSF.4.21.0108091149410.424-100000@lhotse.zaraska.dhs.org>

Thanks for your reply!

----- Original Message -----
From: "Krzysztof Zaraska" <kzaraska@student.uci.agh.edu.pl>
To: "webdesigns COMNET" <webdesigns@comnet.ca>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, August 09, 2001 6:04 AM
Subject: Re: Routes

> On Thu, 9 Aug 2001, webdesigns COMNET wrote:
>
> > Hi everyone,
> >
> > On my 4.3-STABLE box I have a new IP subnet implemented. The box is
> > connected to a router via a dmz host (internal ip). The router is
> > connected to the net with a different ip than the subnets. The only
> > communication to the outside world is through my router's internal ip.
> > I have set the defaultrouter="router's ip" in rc.conf and I have
> > access to the internet, except my ip address translates to the
> > external ip of the router. (Which I don't want) I would like all
> > connections from my FreeBSD box to show on the internet as one or any
> > of my subnet ips. Can someone help define a setup to get my subnet
> > working.
>
> Address translation is usually done by routers, thus it seems to me that
> this is the issue of router configuration. Unless your machine uses private
> IPs (that is one with subnet number of 10.0.0.0/8, 172.16.0.0/12 or
> 192.168.0.0/16) router may be reconfigured to stop translating your
> IP(s). This may however be a serious conflict with local security policy
> at your site, since internal addresses are usually hidden for some reason.
>

My router isn't capable of doing ip translation. It only provides 1 DMZ
host, and/or nat specific ports to different lan ips. My machine is using
ipfw, default router to the dmz host, 1 lan ip, and 32 public ips. The
router only has 1 public address. I would like to share the public subnet
across the 1 connection. I believe the router is my problem and should be
omitted, and a dual-homed setup implemented.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message