Need help with strange routing situation

Donald Burr of Borg dburr at borg-cube.com
Tue Sep 2 12:37:04 PDT 2003


I recently switched to a new DSL provider (DSLExtreme), and in doing so,
decided to opt to buy multiple static IP's.  The idea is that I would like
one static IP for the server, and separate static IP's for our desktop
machines, so that things such as IRC DCC, streaming media, etc. will "just
work" and won't require special port forwarding or other such nonsense.

Here's a (really lame) ASCII picture of our setup:
                     [ Server and  ]
[ DSL Modem ]--------[ Gateway box ]-------------[ 10/100 switch ]
ISP provides            it's using IP A             |    |     |
THREE IP's:             provides NAT                |    |     |
let's call them         for machines                |    |     |
IP A, IP B, and         that don't      [ My desktop PC] |     |
IP C                    have their      it uses IP B     |     |
                        own IP                           |     |
                                             [ Roomie's PC ]   |
                                                it uses IP C   |
                                                               |
                                                        [ Wireless WAP ]
                                                        .       .
                                                        .       .
                                                        .       .
                                                        .       .
                                                [ My laptop ]   .
                                                                .
                                             [ Roomie's laptop ].
                                                (via wireless)

Note that each machine has its own unique, static private internal IP
address (192.168.x.x).  Also, the gateway/server machine has 2 interfaces:
one connected directly to the DSL modem, and one connected to the internal
network.  The server is the only thing connected to the DSL modem.

Ideally here's what we'd like to set up:

Our gateway machine and server gets its own IP, IP A.
It runs various services (IRC, WWW, FTP, etc.) but IF POSSIBLE
I'd also like it to provide NAT for machines that don't have
their own IP (i.e. people who visit and bring their laptops).

My desktop machine is hooked up via ethernet.  It should get IP B.
EVERYTHING that goes to IP B gets forwarded to that machine.
This way protocols like Game protocols, ICQ, IRC DCC, VNC, etc.
work without having to do port forwarding and other crap.
But I do want firewalling for this box, so that, for example,
I don't get infected with the Windows Worm of the Day, etc.

Same thing as above for my roomie's desktop, except it gets IP C.

Now the two laptops (as well as any other machines that people bring over
when they visit) are a problem.  Ideally I'd like them to be NAT'ted
behind IP A (the server, which also runs NAT); port forwarding is NOT
necessary since we won't ever do anything on those that requires special
port forwarding.  But they should be firewalled as well.

Ideally I'd like to do this setup on the existing hardware.  Right now,
the server box is running FreeBSD 4.8.  If this is an unsuitable platform
for the setup described above, and if another platform is more suitable
(e.g. Linux), I suppose I could switch if necessary, tho that's not the
optimal setup (I am very happy with the way FreeBSD works for me).

So, any idea of how to do this?  Or do I need to go buy some sort of
expensive Cisco box or something?  (which would REALLY SUCK...)

Thanks!
-- 
Donald Burr of Borg <dburr at borg-cube.com> | FreeBSD: The Power to Serve!
Website: http://www.borg-cube.com/        | http://www.freebsd.org/
PO Box 91212, Santa Barbara CA 93190-1212 \-----------------------------
Tel: (805)563-0672       ICQ# 16997506      Present Day... Present Time!


More information about the freebsd-questions mailing list