Date: Mon, 30 Apr 2001 11:31:15 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: John Wilson <john_wilson100@excite.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: ipfw routing/netmask problem
Message-ID: <Pine.BSF.4.21.0104301117420.77575-100000@cody.jharris.com>
In-Reply-To: <12354766.988642819102.JavaMail.imail@almond.excite.com>

On Mon, 30 Apr 2001, John Wilson wrote:

This probably belongs on freebsd-net or freebsd-questions.

>
> I have 30 IP addresses assigned to me by my ISP, for the sake of this
> example let's say I've got 90.91.92.0/27. The FreeBSD box has 2
> interface cards, fxp0 and fxp1, fxp0 connected to the router, fxp1 to
> the ethernet switch.

OK.

>
> The router is 90.91.92.1, fxp0 is 90.91.92.2, netmask 255.255.255.252
> (broadcast 90.91.92.3)
>

Is the netmask on the router set as a /30 as well?

> fxp1 is bound to several IPs, 192.168.1.254 and 192.168.2.254 for two
> different types of NAT clients, and 90.91.92.4 for the DMZ.

Define "2 different types of NAT clients". Your DMZ is not on a
separate network of your private network? By doing that you are
getting rid of the whole concept of having a DMZ. Also, run private
address space on the DMZ OR Set the address of the DMZ to be
90.91.92.17/28...see below for more details.

>
> The intention is that NAT clients use 192.168.1.254 (or 192.168.2.254)
> as their default gateway, and DMZ clients use 90.91.92.4.
>
> The question is how to choose a netmask for fxp1 that would exclude
> the default gateway (90.91.92.1), so the machine would route via fxp0.
>
> Is there a way to save IPs (I need at least 12 DMZ IPs), while
> achieving the same goal?

You have 2 options here.

  1) Set up proxy arp on your outside interface. Binding the
     whole /27 address range (with exception of the router's IP)
     to your BSD machine. Make natd translations accordingly.

  2) Set up your DMZ using 90.91.92.16/28 IP range which gives you
     enough IPs to play with, and leaves the 90.91.92.4/30 and
     90.91.92.8/29 subnets to play with. Add the routes in the
     router to route the subnets to your BSD machine's IP. Make
     natd translations accordingly if you decide to run private
     address space for your DMZ, if not no additional work needs
     to be done.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"
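
Added example (not part of the original e-mail): a Python check of the option 2 split, confirming that the four subnets tile 90.91.92.0/27 without overlap, that the router's address stays outside the DMZ subnet on fxp1, and that the /28 leaves at least 12 client addresses. The addresses are the thread's own example values; the labels, function names and the use of 90.91.92.17 as the fxp1 DMZ address are assumptions taken from the reply's wording.

```python
import ipaddress as ip
from itertools import combinations

# Example addressing from the thread; labels and names below are added here.
BLOCK = ip.ip_network("90.91.92.0/27")
ROUTER = ip.ip_address("90.91.92.1")
OPTION_2 = {
    "uplink": ip.ip_network("90.91.92.0/30"),   # router <-> fxp0
    "spare30": ip.ip_network("90.91.92.4/30"),
    "spare29": ip.ip_network("90.91.92.8/29"),
    "dmz": ip.ip_network("90.91.92.16/28"),     # behind fxp1
}
DMZ_GATEWAY = ip.ip_address("90.91.92.17")      # assumed fxp1 DMZ address
DMZ_HOSTS_NEEDED = 12


def dmz_client_capacity(dmz):
    """Addresses left for DMZ hosts: total minus network, broadcast, gateway."""
    return dmz.num_addresses - 3


def check_plan(block, plan, router, dmz_gateway, hosts_needed):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = list(plan.values())
    for net in nets:
        if not net.subnet_of(block):
            problems.append(f"{net} lies outside {block}")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    # Adjacent subnets that tile the block collapse back into exactly it.
    if list(ip.collapse_addresses(nets)) != [block]:
        problems.append(f"subnets do not cover {block} exactly")
    dmz = plan["dmz"]
    if router in dmz:
        # fxp1 would see the default gateway as on-link instead of via fxp0.
        problems.append(f"router {router} falls inside DMZ subnet {dmz}")
    if dmz_gateway not in dmz.hosts():
        problems.append(f"{dmz_gateway} is not a usable host in {dmz}")
    if dmz_client_capacity(dmz) < hosts_needed:
        problems.append(f"{dmz} holds too few DMZ clients for {hosts_needed}")
    return problems


if __name__ == "__main__":
    issues = check_plan(BLOCK, OPTION_2, ROUTER, DMZ_GATEWAY, DMZ_HOSTS_NEEDED)
    print("plan OK" if not issues else "\n".join(issues))
```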