On Mon, 30 Apr 2001, John Wilson wrote:
This probably belongs on freebsd-net or freebsd-questions.
>
> I have 30 IP addresses assigned to me by my ISP, for the sake of this
> example let's say I've got 90.91.92.0/27. The FreeBSD box has 2
> interface cards, fxp0 and fxp1, fxp0 connected to the router, fxp1 to
> the ethernet switch.
OK.
>
> The router is 90.91.92.1, fxp0 is 90.91.92.2, netmask 255.255.255.252
> (broadcast 90.91.92.3)
>
Is the netmask on the router set as a /30 as well?
> fxp1 is bound to several IPs, 192.168.1.254 and 192.168.2.254 for two
> different types of NAT clients, and 90.91.92.4 for the DMZ.
Define "2 different types of NAT clients". Your DMZ is not on a
separate network from your private network? By doing that you are
getting rid of the whole concept of having a DMZ.
Also, run private address space on the DMZ OR set the address of
the DMZ to be 90.91.92.17/28...see below for more details.
>
> The intention is that NAT clients use 192.168.1.254 (or 192.168.2.254)
> as their default gateway, and DMZ clients use 90.91.92.4.
>
> The question is how to choose a netmask for fxp1 that would exclude
> the default gateway (90.91.92.1), so the machine would route via fxp0.
>
> Is there a way to save IPs (I need at least 12 DMZ IPs), while
> achieving the same goal?
You have 2 options here.
1) Setup proxy arp on your outside interface. Binding the whole
/27 address range (with exception of the router's IP) to your BSD
machine. Make natd translations accordingly.
2) Setup your DMZ using 90.91.92.16/28 IP range which gives you
enough IPs to play with, and leaves the 90.91.92.4/30 and
90.91.92.8/29 subnets to play with. Add the routes in the router
to route the subnets to your BSD machine's IP. Make natd
translations accordingly if you decide to run private address
space for your DMZ; if not, no additional work needs to be done.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
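Working through the subnet arithmetic behind option 2, as an added example (Python, not code from the thread): it picks the smallest aligned block inside the /27 that holds the 12 DMZ hosts without covering the router's .1 or the router/fxp0 /30 link, so a netmask on fxp1 can never claim the default gateway as on-link, and lists the blocks left over. The addresses are the ones from the thread; the function names are my own.

```python
from ipaddress import ip_address, ip_network

# Values from the thread: the ISP's /27, the router address, and the /30
# point-to-point block shared by the router (.1) and fxp0 (.2).
ASSIGNED = ip_network("90.91.92.0/27")
ROUTER = ip_address("90.91.92.1")
LINK = ip_network("90.91.92.0/30")


def usable_hosts(net):
    # The network and broadcast addresses cannot be assigned to hosts.
    return net.num_addresses - 2


def remaining(assigned, used):
    """Aligned CIDR blocks of `assigned` not covered by any block in `used`."""
    free = [assigned]
    for u in used:
        nxt = []
        for f in free:
            # Aligned blocks either nest or are disjoint, never partially overlap.
            nxt.extend(f.address_exclude(u) if u.subnet_of(f) else [f])
        free = nxt
    return sorted(free)


def plan_dmz(assigned, link, router, needed_hosts):
    """Smallest aligned subnet of `assigned` with `needed_hosts` usable
    addresses that neither contains the router nor overlaps the router
    link, plus the blocks left over for other use. Raises if none fits."""
    # Longest prefix first, so the DMZ consumes as few addresses as possible.
    for prefix in range(assigned.max_prefixlen - 2, assigned.prefixlen - 1, -1):
        for cand in assigned.subnets(new_prefix=prefix):
            if usable_hosts(cand) < needed_hosts:
                break  # every subnet at this prefix length is the same size
            if router in cand or cand.overlaps(link):
                continue  # a DMZ mask covering .1 would make fxp1 claim the gateway
            return cand, remaining(assigned, [link, cand])
    raise ValueError(f"no subnet of {assigned} fits {needed_hosts} hosts")


if __name__ == "__main__":
    dmz, spare = plan_dmz(ASSIGNED, LINK, ROUTER, 12)
    print(f"DMZ {dmz} ({usable_hosts(dmz)} usable), router on-link: {ROUTER in dmz}")
    print("spare blocks:", ", ".join(str(n) for n in spare))
```

With 12 hosts needed this reproduces the 90.91.92.16/28 DMZ and the spare 90.91.92.4/30 and 90.91.92.8/29 blocks named above; a smaller requirement (6 hosts) would instead yield 90.91.92.8/29 and free up the /28.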