Subject: Source address control? [was: peculiar ICMP redirects?]
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 03/24/2005 19:12:10

I wrote of problems with routing a /29 carved out of a /23.

ww@STYX.ORG wrote
> You might try, since the subnet is so small, putting individual host
> routes to match the proxy arp entries.

I've tried this. It does in fact work.

But now there's another problem, one which is obvious in retrospect. I
know how I would solve it normally, but this is being done on 2.0,
without all the useful hacks I've added to my 1.4T.

Here's a recap of the immediately-relevant piece of the network. This
is my previous diagram with some pieces suppressed and another host
added for clarity.

--------+----------------+-------- 10.10.10.0/23
   rtk0 | .73            | .20
    +---+---+        +---+---+
    |   A   |        |   D   |
    +-+---+-+        +-------+
   .1 | tlp0
------+--------------+------------ 192.168.1.0/24
                  .2 | fxp0
                   +-+---+-+
                   |   B   |
                   +---+---+
                  sip0 | .74
-----------------------+---------- 10.10.10.72/29

Now, with the host routes in place on A, packets from D to .74 work.
Ping works and I can even ssh directly from D to B (though it takes a
while; DNS on B is a bit broken because of the problem I'm about to
describe.)

The next problem is, if B initiates traffic to (say) D, it is
from-stamped 192.168.1.2. This won't work right; it needs to be
from-stamped 10.10.10.74. If I were on my 1.4T, I'd configure an srt
interface to route 0/0 out fxp0 to 192.168.1.1, ifconfig the srt to
10.10.10.74->10.0.0.1, and point the default route to 10.0.0.1. (I've
done this before as a way of getting traffic out an interface
from-stamped with a different interface's address.) But this is on
2.0. I'd rather not add srt to 2.0 unless I have to; I'm trying to
keep this machine as close to stock as feasible.

What's the right way to make this work under 2.0? Is there one?

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B