Date:      Thu, 17 Aug 2000 00:44:03 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Steve Lewis <nepolon@systray.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Q: network topologies, routing, TCP/IP
Message-ID:  <20000817004403.F28027@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.BSF.4.05.10008161511430.1822-100000@greg.ad9.com>; from nepolon@systray.com on Wed, Aug 16, 2000 at 03:38:18PM -0700
References:  <Pine.BSF.4.05.10008161511430.1822-100000@greg.ad9.com>

On Wed, Aug 16, 2000 at 03:38:18PM -0700, Steve Lewis wrote:

[snip]

> We have two IP addresses available, only one of which is currently in use
> (1.2.3.4 as above, and 1.2.3.5 is still available).  The second IP
> resolves by DNS to the name of the bastion host (basthost.domain.org), and
> I can use NATD & IPFW to pass traffic on allowed ports to basthost (I know
> how, anticipate no problem there).
> 
> The problem is this:
> I need to have traffic destined to 1.2.3.5 to be routed through 1.2.3.4
> (frontline).
> 
> How can I do this?  I can think of a few ways it may be possible:

Yes.

> 1) Bind 2 IPs to one interface.  I have seen it done in Linux, but I can't
> find a way to do this with FreeBSD in the docs.  How can I bind 1.2.3.5 to
> frontline's public interface in addition to its current IP address?

Read ifconfig(8),

     The following parameters may be set with ifconfig:
     .
     .
     .
     alias   Establish an additional network address for this interface.  This
             is sometimes useful when changing network numbers, and one wishes
             to accept packets addressed to the old interface.  If the address
             is on the same subnet as the first network address for this in-
             terface, a netmask of 0xffffffff has to be specified.


> 2) Will I need to resort to using a routing package (routed, gated, etc)
> to do this?  I want to avoid running such a package on the firewall for
> reasons which should be easy to discern.  

No need.

> 3) Will I need to have my upstream provider adjust routing for 1.2.3.5 at
> their end?  If so, is this in combination with #2 above?

They are assuming 1.2.3.4 and 1.2.3.5 are on the same wire now?

Anyway, I suggest using the 'redirect_address' feature of natd(8). Put
this other box behind the firewall with one of your RFC1918 numbers
and redirect 1.2.3.5 to that machine.
-- 
Crist J. Clark                           cjclark@alum.mit.com
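
The two suggestions in the reply above (an ifconfig alias for 1.2.3.5 plus natd's redirect_address), combined as an added configuration example that is not part of the original message. The interface name fxp0 and the inside address 192.168.1.10 are assumptions; 1.2.3.4 and 1.2.3.5 are the placeholder addresses from the thread.

```conf
# --- /etc/rc.conf on frontline (the firewall) ---
# Assumed: fxp0 is the public interface and already carries 1.2.3.4.
# 1.2.3.5 is on the same subnet as the primary address, so the alias
# uses netmask 0xffffffff, as the ifconfig(8) excerpt above requires.
ifconfig_fxp0_alias0="inet 1.2.3.5 netmask 0xffffffff"

natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# Static NAT: everything addressed to 1.2.3.5 is rewritten to the bastion
# host's RFC1918 address (192.168.1.10 is an assumed value).
# Argument order is: local (inside) address first, public address second.
redirect_address 192.168.1.10 1.2.3.5

# --- ipfw ---
# Assumed to exist already: a divert rule that hands traffic on fxp0 to natd,
# for example:
#   ipfw add divert natd all from any to any via fxp0
# redirect_address maps every port of 1.2.3.5 to the inside host, so the
# limit to allowed ports has to come from ipfw rules, not from natd.
```

The one-off equivalent of the alias line is `ifconfig fxp0 inet 1.2.3.5 netmask 0xffffffff alias`; the rc.conf entry makes it persist across reboots.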

