[lug] DSL static IP question

Dennis Keller dennis at bullamanka.com
Tue Nov 9 11:07:48 MST 1999

You can also get around the Point-To-Point routing problem by setting
the firewall machine (the one with two eth cards) up for routing and
using "arp" to channel packets through for machines behind the firewall.
You basically plug the DSL into one eth card, the hub into the other,
then set up routing to recognize that some packets on the subnet should
be routed to the frii gateway (outbound). At this point, you have half
of a working solution: you can get packets out from the subnet, but they
don't know how to come back in, because the machines on the subnet cannot
hear the frii router's arp requests.

To get around this, you set the firewall machine up to answer arp
queries about the machines in the subnet (check out the arp command).
Then when the frii router asks your "subnet" if anyone knows where a
machine is, the firewall says, "sure, I know where that machine is, send
the packet to me!". Once it has the packet, routed knows to send it out
the subnet eth card so it gets to your real subnet. 

This worked really well for me when I was using frii and allows you
to enable firewalling. The bummer is that you have to set up arp for
every machine in the subnet; we're only working with 5, right? In the end
though, it may be easier just to ask frii to enable point-to-point
routing! Just thought some people might want to hear another way of
doing it!

Dennis Keller
dennis at bullamanka.com

"Michael J. Pedersen" wrote:

> Here's the required setup to do what I did with my environment.  Get a linux
> box with two network cards in it.  Connect one of those cards to the hub.
> That card will now be called firewall in this post.  Connect the other card to
> the hub.  That card will now be called gateway.  Next, you have to get the ISP
> you're working with to route all packets for your network to firewall's IP
> address.  FRII called this Point-To-Point Routing.
> --
> Michael J. Pedersen
> WhoDP: whodp://earth.activerse.com/pedersen
> Check out Ding! at http://www.activerse.com
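
The proxy-ARP arrangement described in the reply above, as an added example that is not part of the original post: a dry-run script that prints the forwarding, routing and published-ARP commands for each machine behind the firewall. The interface names (eth0 toward the DSL line, eth1 toward the hub), the 192.0.2.x addresses and the host-route layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for a proxy-ARP firewall.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
valid_ipv4() {
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# proxy_arp_plan WAN_IF LAN_IF ISP_GATEWAY HOST...
# WAN_IF faces the DSL line, LAN_IF faces the hub (assumed layout).
proxy_arp_plan() {
    [ "$#" -ge 4 ] || { echo "usage: proxy_arp_plan WAN LAN GW HOST..." >&2; return 2; }
    wan=$1; lan=$2; gw=$3
    shift 3
    case "$wan$lan" in *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;; esac
    for ip in "$gw" "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Forward between the cards; reach the ISP gateway via the DSL side.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "route add -host $gw dev $wan"
    echo "route add default gw $gw dev $wan"
    for ip in "$@"; do
        # Host route: packets for this machine leave through the hub-side card.
        echo "route add -host $ip dev $lan"
        # Published entry: answer the ISP router's ARP query for this machine
        # with the DSL-side card's own MAC address.
        echo "arp -i $wan -Ds $ip $wan pub"
    done
}

# Constructed sample: five inside machines, addresses from a documentation range.
proxy_arp_plan eth0 eth1 192.0.2.1 \
    192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13 192.0.2.14
```

Review the printed commands before running them as root. Only the addresses passed in get a published ARP entry, so the list doubles as an explicit inventory of which inside machines are reachable from the ISP side.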
