Subject: Re: Networking problem.
To: Richard Rauch <rauch@rice.edu>
From: Rasputin <rasputin@idoru.mine.nu>
List: netbsd-help
Date: 11/29/2002 11:11:39
* Richard Rauch <rauch@rice.edu> [1134 07:34]:
 
> Hm.  It still seems like the route man-page is half-way telling me
> "there's a way to specify *particular* IP numbers to be routed through
> *particular* interfaces, regardless of the subnetting and interface
> addresses..."  But if it's really telling me that, I haven't figured out
> how I'm supposed to accomplish it.

You could set up prometheus with all your public IPs on
its public interface (pub0), and then set up rules like

'any traffic coming in to 66.136.7.250:80 should go to 10.10.10.2:80 (hermes)'
'any traffic coming in to 66.136.7.252:25 should go to 10.10.10.8:25 (mailbox)'

ipnat does this in its sleep :) In fact it'll do stuff like this
even if there's only 1 public IP, it's just a special case of how NAT works anyway.

See the 'rdr' keyword explanation at:
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_34

Handy document (and the reason I first kicked my penguin habit).

> Yes, this works.  (Except that the modem is designed to be connected via a
> normal ethernet cable directly to an ethernet card.  But, that's a small
> thing.)

More precisely, a 'crossover cable' :)

> > At the moment prometheus is trying to route between two interfaces which are
> > both on the same LAN, like this:
> >
> >    ISP  ----  < 66.136.7.248/29 network > -- prometheus --- <66.136.7.248/29> --- hermes
> >
> > which makes no sense - that's why my last post was gibberish :).
> 
> *grin*
> 
> I was originally hoping that it *did* make sense.  Now it's just a matter
> of ``I don't understand why it *can't* be that way.''

Basically, it confuses the router if you try to route between 2 identical
(as far as it's concerned) networks.  It's like walking into Cardiff
train station and saying 'two tickets to Cardiff, please' - the
ticket seller just says 'but you're in Cardiff?'.
 
> There is a final advantage to setting up my machine as a router: I can
> honestly claim to be using a router.  This seems to make a significant
> difference in how customer support responds.  If you just say "I'm running
> a UNIX OS", they say, "We don't support that."  

To which the correct response is: 'look, mate, just give me the DNS server
IPs and a default gateway and you can get back to Quake.'

Or occasionally (i.e. if the line's broken and you want someone to fix it
rather than blame your OS for the smoke coming out of their kit):
'I'm terribly sorry, did I say UNIX? I meant Windows 98.'

> The fact that my router may be running an X server or boasts a ssh login
> to ksh instead of a web-based interface, is just a little quirk.  (^&

Yeah, that'll be line noise. Or solar flare activity. :)
 
> > [ This also explains why your DHCP requests fail:
> 
> Um, I don't understand: Why can't my ISP's gateway machine (66.136.7.254;
> clearly in the same subnet) be a DHCP server?

Well, if they did, it would have answered :)

Cheers!
 
-- 
Rasputin :: Jack of All Trades - Master of Nuns
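
The two redirections described in the message, written out as ipnat `rdr` rules together with the ipf filter rules that let only those two services through. This is an added example, not part of the original post. The interface name pub0 and the addresses come from the message; the file paths and the 10.10.10.0/24 mask are assumptions.

```conf
# /etc/ipnat.conf  (assumed path; pub0 is the public interface named in the post)
# Inbound web traffic for one public address goes to hermes.
rdr pub0 66.136.7.250/32 port 80 -> 10.10.10.2 port 80 tcp
# Inbound SMTP for another public address goes to mailbox.
rdr pub0 66.136.7.252/32 port 25 -> 10.10.10.8 port 25 tcp

# /etc/ipf.conf  (assumed path)
# ipnat rewrites the destination of inbound packets before ipf filters them,
# so these rules match the internal addresses, not the public ones.
pass in quick on pub0 proto tcp from any to 10.10.10.2/32 port = 80 flags S keep state
pass in quick on pub0 proto tcp from any to 10.10.10.8/32 port = 25 flags S keep state
# Anything else arriving on pub0 for the internal network (mask assumed) is dropped.
block in quick on pub0 from any to 10.10.10.0/24
```

Load the rules with `ipnat -f` and `ipf -f` on the respective files; prometheus also needs IP forwarding enabled (`net.inet.ip.forwarding=1`) for the redirected packets to reach the internal hosts.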