Date: Tue, 9 Dec 1997 17:32:13 -0800 (PST) From: "J. Weatherbee - Senior Systems Architect" <jamil@acroal.com> To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: I seriously need some networking help Message-ID: <Pine.BSF.3.96.971209172535.14602A-100000@acroal.com> In-Reply-To: <199712092336.AAA04738@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
I attempted making the firewall to router link a 192.168.x.x network, and using dual ip on it, unfortunately it interesting that the link gets published by traceroute for instance from the outside world. But 192.168.x.x is certainly not routable, anyway the lack of seemlessness bothered the hell out of me so I took it down (what I really wanted was what pppd does with the -alias option, but too the pipeline. Seems possible, just not supported since that ethernet is just a fast serial port for me (crossover)) anyway I got my isp to give me an 8 ip address network for the link, in my opinion a waste of yet another 8 ip addresses! I guess this is why people buy pipelines with the firewalling option, oh well. On Wed, 10 Dec 1997, J Wunsch wrote: > "Jamil J. Weatherbee" <jamil@trojanhorse.ml.org> wrote: > > > .., it is > > possible for ed0 to have a different ip address than ed1 but router0 must > > believe that it is on the windoze ethernet and the windoze ethernet must > > believe that router0 is local to it. > > Nope, all IP interfaces on one machine must be in different IP > networks. (The only exception: for p2p interfaces (SLIP, PPP), the IP > address of the remote end counts, while the local one can be > duplicated.) > > For me, it would seem to be best to use a 192.168.something net > between router0 and the FreeBSD packet filter, but of course, this > requires some minor reconfiguration on router0 (which turns into a > major reconfiguration since router0 happens to be an Ascend P50, which > has a rather confusing terminology and setup screens when it comes to > something like this -- been there last week, done that). Note that > the WAN-side IP address of router0 would remain unaffected by this, so > there's not much visible about this reconfiguration from your ISP's > point of view, except traceroute will trace one additional gateway > with some 192.168 address. > > Failing this, maybe you could do some cute and clever tricks with > divert sockets, natd, and explicit host routing out an Ethernet > interface, but all this looks rather hacky compared to the above > `transit network' solution. > > -- > cheers, J"org > > joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE > Never trust an operating system you don't have sources for. ;-) >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971209172535.14602A-100000>