From owner-freebsd-questions@FreeBSD.ORG Sun Mar 26 06:16:02 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABF0716A420 for ; Sun, 26 Mar 2006 06:16:02 +0000 (UTC) (envelope-from harlan@everett.org) Received: from minnie.everett.org (minnie.everett.org [66.220.13.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47C5843D4C for ; Sun, 26 Mar 2006 06:16:02 +0000 (GMT) (envelope-from harlan@everett.org) Received: from minnie.everett.org (localhost [127.0.0.1]) by minnie.everett.org (Postfix) with ESMTP id 088EB54828; Sat, 25 Mar 2006 22:16:00 -0800 (PST) To: Chuck Swiger In-reply-to: <441D56A4.3050400@mac.com> References: <20060319122649.CBFEC54827@minnie.everett.org> <441D56A4.3050400@mac.com> Comments: In-reply-to Chuck Swiger message dated "Sun, 19 Mar 2006 08:03:32 -0500." X-Mailer: MH-E 7.4.2; nmh 1.2; XEmacs 21.4 (patch 19) Mime-Version: 1.0 (generated by tm-edit 1.8) Content-Type: text/plain; charset=US-ASCII Date: Sat, 25 Mar 2006 22:15:59 -0800 From: Harlan Stenn Message-Id: <20060326061601.088EB54828@minnie.everett.org> Cc: freebsd-questions@freebsd.org Subject: Re: arp_rtrequest: bad gateway (!AF_LINK) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Mar 2006 06:16:02 -0000 Chuck, Thanks for your response. > > Here's an example of some stuff in /etc/rc.conf: > > > > ifconfig_fxp0="inet 66.220.13.226/28 media 100baseTX mediaopt full-duplex" > > ifconfig_fxp0_alias0="inet 192.168.64.10/32" > > ifconfig_fxp0_alias1="inet 66.220.13.227/32" > > ifconfig_fxp0_alias2="inet 66.220.13.230/32" > > ifconfig_fxp1="inet 192.168.64.11/32" > > ifconfig_lo0_alias0="inet 192.168.64.9/32" > > ifconfig_lo0_alias1="inet 192.168.65.3/32" > > ifconfig_lo0_alias2="inet 192.168.65.5/32" > > > > The problem is that I'm seeing the following lines repeated in my syslog: > > > > arp_rtrequest: bad gateway 192.168.64.10 (!AF_LINK) > > arp_rtrequest: bad gateway 66.220.13.227 (!AF_LINK) > I infer you are trying to set up other machines (or a local jail?) on > something like 192.168.64.8 or .4 which are trying to ARP for their > router. I've got public IPs for certain machines and services and a NAT firewall that redirects these public services to private IP space behind the NAT firewall. I have a subnet of private IP space for interfaces (which are bound to those interfaces), private IP space for machines and also for the actual "services" that are being provided (bound to lo0, as I don't care how packets get there and sometimes interfaces fail). I have traditionally bound the "service" IPs to lo0, and it has been working for me for a long time (this has usually been on machines with one active NIC, however). This lets me easily move "services" to a new machine with very little effort. > It doesn't make sense to do ARP over the loopback, and > anyway, a real NIC and the loopback use different framing types. What > happens if you change: > > > ifconfig_lo0_alias0="inet 192.168.64.9/32" > > ...and so forth to: > > > ifconfig_fxp1_alias0="inet 192.168.64.9/32" > > ...? I'm not having any problems with any of the aliases on the loopback interface, just the first two aliased IPs on fxp0. > Oh, yes, and this does not make sense, either: > > > ifconfig_fxp0_alias0="inet 192.168.64.10/32" > > ...and people put their internal 192.168 subnet as a /24: That's one of the addresses that is causing problems. I did not use a wider netmask as I do not intend to route all traffic for that network on that interface. I have these machines set up to route packets over their interfaces. I was hoping/expecting that the internal routing tables would DTRT, and also handle the case where the failure of a network interface would not cause much trouble, as the systems could automatically handle this with simple changes to the routing tables. > > ifconfig_fxp1="inet 192.168.64.11/32" > Most unusual. People normally only need to use IP aliases when your > renumber an existing system and some other machine which can't be > changed easily still needs to talk to that host using the old IP, or > if you need to host multiple instances of something like an SSL-based > webserver which demand a separate IP for each site due to the protocol > limitations. I answered this one earlier; I'm keeping your paragraph here in case I missed something. > If you have two NICs, they should be on separate subnets, in separate > collision domains, unless you are doing channel bonding/CARP/FEC, in > which case they must be specially configured for that purpose (and > therefore would be on the same subnet only). The NICs are, I believe, on separate subnets. This is an area where I'm really fuzzy. I know that in the past I have had no problems with machines with one "real" NIC and putting IP aliases on lo0 and the routing "just works". In this case I *think* the 2nd NIC on each machine is on a physically separate network. While I *think* I'd like these NICs on the same physical network to have even greater "survivability" in case of a NIC failure, I do understand there are routing issues that would make that more difficult. H