Re: routing, was: Re: <blank subject>

• Previous message: Xpression: "Which might be the problem ???"
• In reply to: Charles Swiger: "routing, was: Re: <blank subject>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 7 Dec 2003 12:04:02 -0500 (EST)
To: "Charles Swiger" <cswiger@mac.com>, "liquid@istop.com" <liquid@istop.com>

Charles Swiger <cswiger@mac.com> said:

> Hi, Liquid--
>
> On Dec 6, 2003, at 3:06 AM, liquid@istop.com wrote:
> > I'm going to have a static IP - say xx.xx.yy.zz - and a subnet as
> > follows:
> > xx.xx.xx.zz/28
>
> Do you mean, "I am switching from a single static IP to a 16-address
> subnet", or are you going to have both a static IP on one connection
> AND a /28 subnet over a second connection?

Sorry I wasn't clearer on that. I have one corporate DSL connection with a
static IP. Along with the static IP, I'll get an additional /28

>
> > 1. Do I need to inform the ISP of my intentions so that people can
> > actually
> > connect to an IP which is part of my subnet, but behind this router I
> > intend
> > to build? (I didn't think it was necessary until I read 19.2.5 in the
> > handbook - it doesn't seem like it's necessary based on that alone,
> > but it
> > has placed some doubt in my mind).
>
> No, your ISP will route IP traffic for the subnet to you. On the other
> hand, certainly you should talk to your ISP about your network topology
> if you have any specific issues or questions for them.
>
> > 2. I currently run my FreeBSD router on a cable connection while
> > waiting
> > for the new ISP to get setup. I use NAT to translate the EXT. IP to
> > the
> > internal ones of my lan. I don't need to run nat for the setup I plan
> > to
> > have do I?
>
> No, you don't need NAT for IPs on your new subnet: they are "directly
> Internet routable" if you want a buzzword. :-) However, you should
> spend some time considering security and setting up a firewall.

That's what I thought. Again I just needed someone else to say so too for
me to be 100% certain. The whole reason for this is in fact security. I
plan to do some webhosting, and also, to generate some additional revenue,
give out a few accounts for irc bots. You KNOW that can be alot of
trouble ;)
I'm actually using an openbsd bridged firewall right now, have been for a
couple of years and I like it. Firewalling on the FreeBSD box I intend to
use as a router will only increase the security. Are there "tricks"
regarding running ipf on the router that I should look into?

>
> Sometime later, you might want to consider how to have machines on your
> new network be able to fail-over to your single-IP connection; and one
> way of doing so would be to use a NAT gateway of your public IPs from
> the /28 subnet via your original connection. [The inverse of
> -unregistered_only.]
>
> > 3. Finally, I've read (briefly thus far) about routed on FreeBSD.
> > Would
> > this daemon be used in such a way that I don't even need to add static
> > routes for LAN?
>
> Yes, but routed is really intended for dynamic routing within an
> intranet, and is overkill for your situation. Specificly, you would
> accomplish more by configuring DHCP on your FreeBSD machine and
> broadcasting the correct default router IP than you would gain by using
> routed.
>
> Ping all of your machines (or use the subnet broadcast address), and do
> an "arp -a" to get MAC addrs, then set up host sections to allocate
> static IPs via DHCP, so your machines can all be network
> auto-configured even if you rebuild/reinstall the OS on a particular
> box.
>

I think I'll just add the static routes for now. Sounds much simpler.
Besides, with all these IP's, I still only have 6 machines behind this
router...

route add default gw my.isp.gateway
route add net my./28.sub.net

Those appear to be the only two route commands needed. Of course, I can
only know for sure once I get my connection (sometime next week) and set it
all up. In the future I may toy with routed just so I can know how it
works. each of my machines will have wireless NIC's so they can
interconnect using non-routable addresses and so I can connect to them from
my desktop machine locally. Obviously I'm quite a routing nubile... my goal
would be to setup routing so that from one machine who's address is in my
subnet, I can connect to another machine within my subnet but ensure it's
all done locally without going out beyond the router for two reasons: A) My
monthly bandwidth is capped, B) It would only go at my internet connection
speed, and not the full 10/100mbit of the LAN.

> > Again, this address is not subscribed, so please answer by putting my
> > address in the cc: field.
>
> Done.

Thanks, and thanks also for the responses. Very helpful :)

>
> --
> -Chuck
>
>

-- 
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: Xpression: "Which might be the problem ???"
• In reply to: Charles Swiger: "routing, was: Re: <blank subject>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]