On 2008-09-08, Vijay Sankar <[EMAIL PROTECTED]> wrote: > On September 8, 2008 09:54:22 am Peter Kay - Syllopsium wrote: >> >> Unless I'm missing something though, aren't you losing two of your 8 IP >> addresses - one to PPPoE and one to the DMZ? A main point of me running >> PPPoE on the firewall is that I only lose one of my 6 available (obviously >> network and broadcast eat two of my eight) WAN addresses.
> Yes, net.inet.ip.forwarding=1 here. I did not think of it as losing two IP > addresses because first of all the pppoe address is required on the > firewall's external interface in order to route to the block of 6 addresses > for the "framed route". > > The DMZ address does use up one of the 6 IP addresses and the other 5 hosts > in > the DMZ uses that address as their route. But since I did not need 6 separate > IP addresses in the DMZ it was not a problem for me. > If you don't need to contact hosts on addresses in the subnets adjoining yours, there's a hack you can use. Make your subnet wider, so the /29 sits in the middle of it. Then the ethernet broadcast address and network address are outside the routed range so they aren't burning your routed addresses, you can make use of them for hosts instead. This is assuming you can't just go to the ISP and ask for a larger allocation of course. If anyone else will have to maintain this network that should probably be your first choice, even if it costs a bit more..
