Knowing that NSPs are filtering /24s, how does an Internet Content
Provider (ICP) with just a /24 (all that is needed) that is wishing
to be dual-homed see all of the net?
Why even use a /24? Here is a "netstat -nr" from an interface default
client, which has an RFC1597 private network for its content server and a
BSD/OS 2.1 squid accelerator front-ending it.
Destination Gateway Flags Refs Use Interface
default:de1 137.39.63.225 UGS 1 0 de1
default:de2 204.74.120.1 UGS 1 0 de2
default 137.39.63.225 UGS 1523 15365222 de1
127 127.0.0.1 UGRS 0 0 lo0
127.0.0.1 127.0.0.1 UH 11 6482 lo0
137.39.63.224/27 link#2 UC 0 0 de1
137.39.63.225 0:0:c:35:29:a0 UHL 1 307 de1
137.39.63.227 0:0:f8:1:a5:8e UHL 0 16 de1
137.39.63.228 0:a0:24:94:5b:e9 UHL 0 3 de1
137.39.63.255 link#2 UHL 0 1 de1
192.168.1 link#1 UC 0 0 de0
192.168.1.1 0:0:f8:2:b3:66 UHL 1 20 lo0
192.168.1.2 8:0:69:2:65:e7 UHL 2 793220 de0
192.168.1.255 link#1 UHL 1 206 de0
204.74.120/27 link#3 UC 0 0 de2
204.74.120.31 link#3 UHL 0 1 de2
224/8 link#1 UC 0 0 de0
The diffs are all PD and should apply OK against other BSDish systems. I
gave a more detailed talk about this at SF NANOG. The diffs are also quite
short.
% ftp ftp.vix.com
> cd pub/vixie/ifdefault
> ls
-rw-rw-r-- 1 716 ten 1731 Jan 31 06:15 ifconfig-diffs
-rw-rw-r-- 1 716 ten 5386 Jan 31 05:59 kernel-diffs
-rw-rw-r-- 1 716 ten 3696 Jan 31 06:23 netstat-diffs
You also need to set up a "socket" forwarder for things you want to be
handled by the private-net device:
telnet stream tcp nowait nobody /usr/libexec/tcpd socket 192.168.1.2 23
other-ssl stream tcp nowait nobody /usr/libexec/socket socket 192.168.1.2 145
There's a small amount of sendmail.cf work needed to masquerade as the private
host and relay mail between the different address spaces.