Craig Sanders wrote: > > On Tue, 15 Apr 1997, Jens B. Jorgensen wrote: >
[ all my config info deleted ] > > The only problem with this is that neither machine will be able to > communicate directly with other machines on the 193.135.252/24 network - > with a netmask of 255.255.255.0 they will expect the entire 193.135.252 > network to be on the local ethernet. This is true. > This could be a big problem if, for example, you need to communicate > directly with other customers of your ISP who use the same class C or > even worse if your ISP's news or www or www-proxy machines are on the > same class C. > > NOTE: your network configuration would be **much** simpler if your ISP > would give you a small subnet rather than just two random ip addresses. > Ask your ISP to do this for you. > > If your ISP can't or won't, then the only way i can think of at the > moment for getting the routing (almost) correct is to set up both > machines so that two small /30 subnets of 193.135.252 are routed via > the ethernet, and everything else is routed via the default gateway > (firefranc's def gw is icemark, icemark's def gw is the ppp interface). > Even this isn't perfect because there will be two subnets which your > machines wont be able to communicate with. > > Alternatively, just use private 192.168.1.x addresses for the ethernet > and set up icemark to do IP masquerdading and transparent proxying. > There are very few limitations on what can be done with masquerading > these days, so this is probably the best (least messy!) solution for > you. > I agree with everything here *except* for the assertion that using IP masquerading and transparent proxying are the best or least messy solution. The issue you're not addressing at all is that proxy solutions work only for *outgoing* connections--that is, connections which would be initiated by firefranc. What if Benedikt needs two hosts connected because he intends to run DNS and has to have a primary and secondary server in order to register his own domains? This *would* *not* *work* using IP masq or transparent proxying. And let's be realistic here. Do you think you could go to your ISP and say 'Hey, I'd like a subnet please. I've got two hosts and I need my own subnet so please give up 4 IP address from the 253 (yes 253, 0 & 255 can't be used) available just because I want them.' They'll say 'Sure, let me just ask my manager how much we'll have to charge you for that privilege.' I think the possibility that Benedikt will not be able to reach a few people who use his same ISP is probably the least of his concerns. That said, looking at a DNS dump from thenet.ch, if hostnames are any indication of allocated addresses, it would appear that only 27 addresses within 193.135.252 are currently used, so they could do this without much pain. I appreciate your efforts, Craig, to try to point out all the factors here which should go into a determination of what Benedikt should do. There are many ways to skin this cat. -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
