TCLUG Archive

IP /30 hack - Question



It appears that there is a way to get use of all 4 IP addresses on a /30
block - but I really don't know the proper way to set this up.

I have a /30 block with network, host, router, broadcast as the 4 IP
addresses.  I have been told that it is a simple matter to use the network
and broadcast addresses for other hosts simply by telling the router that
the subnet is bigger, say a /29.  The downside is that adjacent netblocks
will be unavailable to me should I wish to access them.  I am totally fine
with that.  BTW - I am talking about a PPP routed DSL connection - so the
broadcast packets won't interfere with anybody else.

Setting up the router for a /29 (or /28) would be trivial, however, I have a
twist.  I want the machines on my network to have the two extra addresses so
that they have publicly addressable IP addresses.  I still want them
behind my firewall (with 2 NICs).  So, how do I configure my interfaces to
make this possible?

For instance:

    I am supplied with a public netblock - let's say it is 200.0.0.200/30
    My private network currently is 192.168.0.0/24 with three computers on
it (one is the gateway and two workstations).

    I have a gateway/firewall with two NICs - one with a real IP on the net,
200.0.0.202, and a private IP, 192.168.0.3.

    OK.  I want the two workstations to get public IPs, 200.0.0.200 and
200.0.0.203.  These are the normal network and broadcast addresses - but
with my reassigned netblock on my router, 200.0.0.196/29 (or 200.0.0.196/28
or 200.0.0.198/29 ?) - they become addressable - of course the IP addresses
outside of my /30 block aren't usable outside my network.  I know this will
work fine if these workstations use the router as the default gateway.
However, I want these addresses firewalled, so I want to use the PC I was
using for that job.  How can I configure the two interfaces on it to
firewall packets?  Can I assign the same IP address to both NICs?  How about
netmask?  Seems like a conflict to me.  Yet - there must be a way - as the
router is doing it.  I don't want to use NAT, because I want real public
IPs.

Does anybody have an idea of how to configure this?  I am sure it has been
done before (I know of somebody who fakes the netblock to reclaim the other
IP addresses) - but how can I do it with my 2 NIC firewall/gateway machine?

Thanks in advance,

Tom Veldhouse
veldy@veldy.net
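Added example, not part of the original post: before widening the mask on the router or the firewall box, it is worth computing what the /30 actually turns into. This uses Python's standard `ipaddress` module on the 200.0.0.200/30 block from the message to show which of the original four addresses become plain host addresses for a /29 and a /28, which neighbouring addresses stop being reachable, and whether a proposed "addr/prefix" is even an aligned network address (a router given a misaligned one silently uses the aligned network instead).

```python
import ipaddress

# The public /30 from the post.
ASSIGNED = ipaddress.ip_network("200.0.0.200/30")


def widen(block: ipaddress.IPv4Network, new_prefix: int) -> ipaddress.IPv4Network:
    """The network a router really uses when told the mask is shorter:
    the prefix shrinks and the network address snaps to the new alignment."""
    return block.supernet(new_prefix=new_prefix)


def check_candidate(candidate: str, block: ipaddress.IPv4Network = ASSIGNED):
    """Classify a proposed wider netblock written as 'addr/prefix'.
    Returns (aligned, covers_block, actual_network): whether addr is a valid
    network address for that prefix, whether the network the router would use
    still contains the assigned block, and what that network is."""
    try:
        ipaddress.ip_network(candidate, strict=True)
        aligned = True
    except ValueError:
        aligned = False  # host bits set: not a network address for this prefix
    actual = ipaddress.ip_network(candidate, strict=False)
    return aligned, block.subnet_of(actual), actual


def reclaimed(block, wider):
    """Addresses that are network/broadcast in `block` but plain hosts in `wider`."""
    return [str(a) for a in (block.network_address, block.broadcast_address)
            if a in wider and a not in (wider.network_address, wider.broadcast_address)]


def lost(block, wider):
    """Addresses the LAN now treats as local although they belong to
    neighbouring netblocks; unreachable from inside once the mask is widened."""
    return [str(a) for a in wider if a not in block]


if __name__ == "__main__":
    for prefix in (29, 28):
        w = widen(ASSIGNED, prefix)
        print(f"/{prefix}: router uses {w}; reclaimed {reclaimed(ASSIGNED, w)}; "
              f"{len(lost(ASSIGNED, w))} neighbouring addresses unreachable")
    # The three guesses from the post plus the aligned /29 that contains the block.
    for c in ("200.0.0.196/29", "200.0.0.196/28", "200.0.0.198/29", "200.0.0.200/29"):
        print(c, check_candidate(c))
```

Note that the aligned /29 containing this block starts at .200, so .200 stays the network address and only .203 is reclaimed; both extra addresses become hosts only at /28 (200.0.0.192/28), at the cost of twelve neighbouring addresses.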