Knowing that NSPs are filtering /24s, how does an Internet Content Provider (ICP) with just a /24 (all that is needed) that is wishing to be dual-homed see all of the net?
Why even use a /24? Here is a "netstat -nr" from an interface default client, which has an RFC1597 private network for its content server and a BSD/OS 2.1 squid accelerator front-ending it.

    Destination        Gateway            Flags   Refs      Use  Interface
    default:de1        137.39.63.225      UGS        1        0  de1
    default:de2        204.74.120.1       UGS        1        0  de2
    default            137.39.63.225      UGS     1523 15365222  de1
    127                127.0.0.1          UGRS       0        0  lo0
    127.0.0.1          127.0.0.1          UH        11     6482  lo0
    137.39.63.224/27   link#2             UC         0        0  de1
    137.39.63.225      0:0:c:35:29:a0     UHL        1      307  de1
    137.39.63.227      0:0:f8:1:a5:8e     UHL        0       16  de1
    137.39.63.228      0:a0:24:94:5b:e9   UHL        0        3  de1
    137.39.63.255      link#2             UHL        0        1  de1
    192.168.1          link#1             UC         0        0  de0
    192.168.1.1        0:0:f8:2:b3:66     UHL        1       20  lo0
    192.168.1.2        8:0:69:2:65:e7     UHL        2   793220  de0
    192.168.1.255      link#1             UHL        1      206  de0
    204.74.120/27      link#3             UC         0        0  de2
    204.74.120.31      link#3             UHL        0        1  de2
    224/8              link#1             UC         0        0  de0

The diffs are all PD and should apply OK against other BSDish systems. I gave a more detailed talk about this at SF NANOG. The diffs are also quite short.

    % ftp ftp.vix.com
    ftp> cd pub/vixie/ifdefault
    ftp> ls
    -rw-rw-r--  1 716  ten  1731 Jan 31 06:15 ifconfig-diffs
    -rw-rw-r--  1 716  ten  5386 Jan 31 05:59 kernel-diffs
    -rw-rw-r--  1 716  ten  3696 Jan 31 06:23 netstat-diffs

You also need to set up a "socket" forwarder for things you want to be handled by the private-net device:

    telnet     stream  tcp  nowait  nobody  /usr/libexec/tcpd    socket 192.168.1.2 23
    other-ssl  stream  tcp  nowait  nobody  /usr/libexec/socket  socket 192.168.1.2 145

There's a small amount of sendmail.cf work needed to masquerade as the private host and relay mail between the different address spaces.
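
Added example, not part of the original post and not the "socket" program it names: a minimal C relay of the kind those inetd lines invoke, taking the accepted client connection on fd 0 and forwarding it to the host and port given as arguments. The function names relay and write_all are hypothetical, and blocking writes with one connection per process are assumed.

```c
/* Added example: inetd-style TCP relay. Hypothetical stand-in for the
 * "socket" forwarder; blocking writes, one connection per process. */
#include <netdb.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static int write_all(int fd, const char *buf, ssize_t n) {
    while (n > 0) {
        ssize_t w = write(fd, buf, (size_t)n);
        if (w <= 0) return -1;
        buf += w; n -= w;
    }
    return 0;
}

/* Copy both directions until each side has sent EOF; returns bytes relayed. */
long relay(int client, int upstream) {
    struct pollfd p[2] = { { client, POLLIN, 0 }, { upstream, POLLIN, 0 } };
    char buf[4096];
    long total = 0;
    for (int open_dirs = 2; open_dirs > 0; ) {
        if (poll(p, 2, -1) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            if (!(p[i].revents & (POLLIN | POLLHUP | POLLERR))) continue;
            int dst = (i == 0) ? upstream : client;
            ssize_t n = read(p[i].fd, buf, sizeof buf);
            if (n < 0) return -1;
            if (n == 0) {                 /* EOF: pass the half-close on */
                shutdown(dst, SHUT_WR);
                p[i].fd = -1;             /* poll() skips negative fds */
                open_dirs--;
            } else if (write_all(dst, buf, n) < 0) return -1;
            else total += n;
        }
    }
    return total;
}

int main(int argc, char **argv) {         /* inetd passes the client as fd 0 */
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *ai;
    if (argc != 3) return 2;
    if (getaddrinfo(argv[1], argv[2], &hints, &ai) != 0) return 1;
    int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (s < 0 || connect(s, ai->ai_addr, ai->ai_addrlen) < 0) return 1;
    return relay(0, s) < 0;
}
```

Because the relay originates the second connection itself, the private host sees the front end's address as the peer, so per-client access control and logging have to happen at the front end, as the tcpd wrapper on the telnet line does.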