Date:      Wed, 13 Sep 2000 20:47:05 -0700
From:      "Ronald F. Guilmette" <rfg@monkeys.com>
To:        freebsd-questions@freebsd.org
Subject:   Help! Configuring for two IP addresses => one interface, and NATD
Message-ID:  <983.968903225@monkeys.com>



If I could get a bit of guidance here, I'd really appreciate it.

Here's the situation...

I have a small local network which is connected to the net via a DSL line.
Up until today, I had exactly _one_ static IP address which my ISP had
allocated to my DSL line.  As of today however, I now have _two_ static
IP addresses for my DSL line.

I have one machine (running FreeBSD, of course) which is directly connected
to the DSL line.  The machine in question serves as both a server (e.g. web,
mail, and name service) and also does double duty as a firewall.

This machine has two ethernet cards on it... one connected to the DSL line
and another which goes out to a small ethernet hub to which the rest of my
local network is connected.

This machine (the server/firewall machine) has all of the necessary stuff
compiled into the kernel to support both ipfw (firewall stuff) and also
the NATD stuff.  And I *am* using both ipfw and natd.

I've previously set up a rather elaborate set of firewall rules (for ipfw)
for this machine, and those have been working well.  All non-suspicious
packets can get in and out with no problems, and I am well and properly
alerted whenever suspicious activity from outside comes in.  (I adjusted
those rules, of course, to make all necessary allowances for my new, second
static IP address.)

Anyway, I have been working on an experimental special-purpose name server
and I needed another IP address to run that on, so today I requested and
obtained a second IP address from my ISP for my DSL line.  The second IP
address has already been implemented by my ISP, and it seems to be correctly
routed down to my DSL line, along with my original static IP address.

Now comes the hard part... I need to find out *everything* that I am supposed
to do to let the system know that I have this second IP address attached to
the first ethernet card.  I have already added the following statement into
my /etc/rc.conf file (to make sure my new IP was ifconfig'd for the primary
ethernet card):

ifconfig_xl0_alias0="inet 63.92.26.217 netmask 255.255.255.0"

Then I rebooted.  After this, "ifconfig -a" showed both IP addresses (new and
old) properly associated with my primary ethernet card.  No problem.  Great.

Then I tried just pinging the new IP address from the server/firewall
machine itself and nothing happened.  It just sat there.  But I found that
I *could* ping the new address from *other* machines elsewhere on the
Internet.  Hummm.... This can't be right!

Now, I'm not going to be doing a whole lot of pinging of this machine from
itself, so this isn't TOO worrisome, but I just feel that the fact that I
cannot ping the second IP address from this very same machine indicates that
I am most certainly doing something wrong.  There is obviously something
else that I need to do, but what?  I have no idea.

I think that the main problem here is that I'm pretty damn ignorant about things
like routing and arp and stuff like that.

I played around with both arp and /sbin/route for a while, and I found a
couple of different ways to ``cure'' the ``no ping response'' problem,
but which of these is the ``correct'' solution?  I have no idea.  I'm
getting lost in a twisty maze of different route options, all different.

If anybody can help get me unconfused, please do.

Here's the output of `netstat -n -r' right after a reboot.  Note that my
old static IP address is 63.92.26.236.  My new one is 63.92.26.217.  The
ethernet card that faces outward towards my DSL line is `xl0' and the one
that faces inward towards my (natd serviced) local network (192.168/16)
is called `rl0'.  The IP address of my ISP's end of the DSL line is
63.92.26.254.

Why, oh why isn't FreeBSD smart enough to set up *any* sort of a route for
my second IP address?  Eh?  I mean hey!  I already ifconfig'd it properly
and everything!  (Grumble, grumble.)

If anyone can educate me, please do.  Please be sure to include
<rfg@monkeys.com> in the recipient list of your reply.  Thanks.


-----------------------------------------------------------------------
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            63.92.26.254       UGSc      215    23628      xl0
63.92.26/24        link#1             UC          0        0      xl0
63.92.26.236       0:50:da:71:81:87   UHLW       10    17005      lo0
63.92.26.254       0:30:19:4c:80:b2   UHLW      214       74      xl0   1144
127.0.0.1          127.0.0.1          UH          1       10      lo0
192.168/16         link#2             UC          0        0      rl0
192.168.1.14       0:10:4b:68:be:11   UHLW        1       36      rl0    508
192.168.254.254    link#2             UHLW        0        8      rl0

