From: "webdesigns COMNET"
To: "Krzysztof Zaraska"
Subject: Re: Routes
Date: Thu, 9 Aug 2001 10:07:52 -0400
Sender: owner-freebsd-security@FreeBSD.ORG

Thanks for your reply!

----- Original Message -----
From: "Krzysztof Zaraska"
To: "webdesigns COMNET"
Cc:
Sent: Thursday, August 09, 2001 6:04 AM
Subject: Re: Routes

> On Thu, 9 Aug 2001, webdesigns COMNET wrote:
>
> > Hi everyone,
> >
> > On my 4.3-STABLE box I have a new IP subnet implemented. The box is
> > connected to a router via a dmz host (internal ip). The router is
> > connected to the net with a different ip than the subnets. The only
> > communication to the outside world is through my router's internal ip.
> > I have set the defaultrouter="router's ip" in rc.conf and I have
> > access to the internet, except my ip address translates to the
> > external ip of the router. (Which I don't want) I would like all
> > connections from my FreeBSD box to show on the internet as one or any
> > of my subnet ip's. Can someone help define a setup to get my subnet
> > working.
>
> Address translation is usually done by routers, thus it seems to me that
> this is the issue of router configuration. Unless your machine uses private
> IPs (that is one with subnet number of 10.0.0.0/8, 172.16.0.0/12 or
> 192.168.0.0/16) router may be reconfigured to stop translating your
> IP(s). This may however be a serious conflict with local security policy
> at your site, since internal addresses are usually hidden for some reason.
>

My router isn't capable of doing ip translation. It only provides 1 DMZ host, and/or nat specific ports to different lan ips. My machine is using ipfw, default router to the dmz host, 1 lan ip, and 32 public ips. The router only has 1 public address. I would like to share the public subnet across the 1 connection. I believe the router is my problem and should be omitted, and a dual-homed setup implemented.