Subject: Replacing oddly networked NT machine
To: None <>
From: Stephen Borrill <>
List: tech-net
Date: 02/17/2003 11:06:51
Later this week, I am going to be installing a NetBSD box running Squid
(amongst other things). The machine it will be replacing is an aged NT
box. The network IP structure is (say) 10.0.0.x and the router is However, the NT box has two network cards which are and is directly connected to the router and is
connected to the rest of the network (there is no other link). NT allows
you to set up a default gateway on a per-interface basis and so
has as its gateway and thus internal machines can access
as a proxy and everything seems to work.

Unsurprisingly, NetBSD routing doesn't work like this (thank god). The
site would like to keep the internal machines separate from the outside
world (and ignore the fact that I've used 10.x.y.z addresses, these are
part of a private WAN). As far as I can see I have multiple options:

a) bridge the networks with bridge - but this does not allow ipf rules
(currently), so I might as well just join everything together.
b) Use some userland bridging software (e.g. bridged) - how
does this fit in with ipf?
c) Use fastroute with ipf - help appreciated on this; my attempts were
d) Do some mad routing tricks (e.g. tell it that is on one
interface and is on the other) - this won't forward packets,
but this probably isn't so crucial. man 8 route doesn't give many clues on
usage of the interface, ifa or ifb options.
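For the case the poster's option (d) hints at, where the NetBSD box only needs to be the proxy and never has to forward packets, the following is an added IPFilter ruleset written for this page; it is not from the thread or the NetBSD project. It assumes fxp0 is the inside interface with the address 10.0.0.1 on 10.0.0.0/24, fxp1 is the interface on the router's link, Squid listens only on the inside address on its default port 3128 (squid.conf `http_port 10.0.0.1:3128`), and IP forwarding is left off (`sysctl -w net.inet.ip.forwarding=0`). With forwarding off there is no per-interface default gateway to emulate: internal hosts reach 10.0.0.1 over the directly connected network, and the only default route the box needs is the router on fxp1.

```conf
# /etc/ipf.conf (assumed example; fxp0/fxp1 and 10.0.0.1/24 are placeholders)
# fxp0 = inside LAN, fxp1 = link to the router.  Forwarding is off, so nothing
# transits the box; internal machines get out only through Squid on fxp0.

# Loopback is unrestricted
pass in quick on lo0 all
pass out quick on lo0 all

# Inside: internal hosts may only open proxy (and admin ssh) sessions to the
# box's own inside address.  keep state lets the replies back out on fxp0.
pass in quick on fxp0 proto tcp from 10.0.0.0/24 to 10.0.0.1/32 port = 3128 flags S keep state
pass in quick on fxp0 proto tcp from 10.0.0.0/24 to 10.0.0.1/32 port = 22 flags S keep state

# Outside: only the box's own traffic leaves (Squid fetches, DNS, ICMP errors).
# Nothing unsolicited is accepted from the router side; replies match state.
pass out quick on fxp1 proto tcp from any to any flags S keep state
pass out quick on fxp1 proto udp from any to any port = 53 keep state
pass out quick on fxp1 proto icmp all keep state

# Everything else on either interface is dropped and logged, including any
# attempt from the router side to reach 10.0.0.0/24 through the box.
block in log quick all
block out log quick all
```

Load with `ipf -Fa -f /etc/ipf.conf` and check `ipfstat -hio` to confirm hits land on the intended rules. Because the inside rules name the box's own address as the destination, an internal host cannot use the box as a gateway to the router's network even if forwarding were later switched on by mistake; the hardening does not depend on the routing table alone.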