Subject: Re: Replacing oddly networked NT machine
To: Johnny Billquist <>
From: Stephen Borrill <>
List: tech-net
Date: 02/17/2003 12:20:42

On Mon, 17 Feb 2003, Johnny Billquist wrote:
> On Mon, 17 Feb 2003, Stephen Borrill wrote:
> > a) bridge the networks with bridge - but this does not allow ipf rules
> > (currently), so I might as well just join everything together.
> > b) Use some userland bridging software (e.g. bridged) - how
> > does this fit in with ipf?
> > c) Use fastroute with ipf - help appreciated on this; my attempts were
> > unsuccessful.
> > d) Do some mad routing tricks (e.g. tell it that is on one
> > interface and is on the other) - this won't forward packets,
> > but this probably isn't so crucial. man 8 route doesn't give many clues on
> > usage of the interface, ifa or ifb options.
> > 
> > Ideas?
> You don't say what addresses the other machines have, or how they get
> them.

OK. The other machines are all 10.0.x.y with a netmask of (the /16 I gave was bogus). Many (though not all) are

> You might be able to subnet 10/24 into something, or you might use a
> different network number on the inside of your NetBSD machine.

Yeah, thought of that. The /22 network could be split into 4 /24s and
routing set up appropriately. However it's a Windowsy network and servers
are at the beginning of the range ( for instance). This means that
they would be in a different network to the clients. OK, we could mess
with WINS, etc. but at the moment it Just Works and I don't want to mess
with the existing network more than necessary.

> Oh, and 10.0/16 means you already are subnetting things. Can't you use
> 10.1/16 for the machines on the inside?

Well, we _could_ (and I suggested as such), but they didn't want to re-IP
the machines unless strictly necessary.

As for the choices of IP addresses, this is part of a big WAN and we
aren't really free to use our own choice of private addresses (for
instance, if a direct IP connection was needed to another part of the WAN 
we could clash).

> And you can tell routing to use a specific interface by setting that
> interface's address as the gateway.

It was working out exactly what I wanted to route to that was the issue.

I guess something like:
(route to already set up by ifconfig).
route add default
route add -host

> But it's bad karma to have the same network number on two different
> networks.

Yes, I agree. Especially with the karma bit.

> You should really bridge them, in that case. Check bridge(4),
> and start playing. And ipf should work fine on this, by the way.

Really? Since when? It seemed to be an FAQ about "why doesn't it work when
it does in OpenBSD?". Plus, I really want to use 1.6.* if possible rather
than -current.