From owner-freebsd-net@FreeBSD.ORG Fri Feb 9 20:02:43 2007
Date: Fri, 9 Feb 2007 23:02:40 +0300
From: Yar Tikhiy
To: freebsd-net@freebsd.org
Message-ID: <20070209200240.GI31439@comp.chem.msu.su>
References: <45C9BC01.5010803@netfence.it>
In-Reply-To: <45C9BC01.5010803@netfence.it>
Subject: Re: Bridging with two subnets
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Feb 07, 2007 at 12:46:09PM +0100, Andrea Venturoli wrote:
> Hello.
> I've got a firewall which has public IP xxx.xxx.xxx.2 on its first NIC.
> This is bridged with a second NIC which holds xxx.xxx.xxx.0/24.
> (I also have a third and fourth NIC which run two private IP networks,
> which are NATted, but I don't think this matters).
>
> Everything is ok, but now I also need to have a second public IP
> network on the second NIC, let's say yyy.yyy.yyy.0/24.
> A single upstream router provides us both public nets, but obviously
> with two different gateways (xxx.xxx.xxx.1 and yyy.yyy.yyy.1).
>
> The question is: is this possible?
>
> Do I only need to attach the additional yyy.yyy.yyy.0/24 boxes to the
> same switch?
> Do I need to ifconfig alias yyy.yyy.yyy.2 on the first NIC?
> What about the gateway then? Do I still set the first one only?
>
> My answers would be: Yes, No, Yes. I thought I'd ask, however.

My bet is Yes, Yes, No.

Since your firewall does bridging between the two NICs, your yyy.* hosts
attached to the second NIC should see yyy.1 transparently via the bridge.
Just make sure your ipfw doesn't filter the traffic if you filter bridged
packets.

The only little problem will be that your firewall itself will see yyy.1
via its default route to xxx.1.

Oh, and of course your yyy.* hosts must have their default routes set to
yyy.1, not to yyy.2, which isn't there. Your xxx.* hosts' default route
is xxx.1, isn't it?

And IIRC you should assign IP addresses to the if_bridge interface itself
if you want the bridging host to participate in the bridged network.

-- 
Yar
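As an added illustration of the setup described in the reply above (this is example code, not from either message in the thread), the script below emits an rc.conf fragment, a sysctl.conf fragment and a set of ipfw rules for a FreeBSD if_bridge that carries two public subnets. The interface names em0, em1 and bridge0, the ipfw rule numbers, and the RFC 5737 documentation ranges 192.0.2.0/24 and 198.51.100.0/24 standing in for xxx and yyy are all assumptions; override them through the environment variables at the top.

```shell
#!/bin/sh
# Added example: generate FreeBSD if_bridge configuration for a firewall
# that bridges two NICs and carries two public subnets (xxx and yyy).
# All names and addresses below are assumptions, not values from the thread.

UPLINK_IF="${UPLINK_IF:-em0}"            # NIC towards the upstream router
LAN_IF="${LAN_IF:-em1}"                  # NIC towards the switch with xxx/yyy hosts
BRIDGE_IF="${BRIDGE_IF:-bridge0}"
XXX_NET="${XXX_NET:-192.0.2.0/24}"       # stands in for xxx.xxx.xxx.0/24
XXX_GW="${XXX_GW:-192.0.2.1}"            # stands in for xxx.xxx.xxx.1
FW_ADDR="${FW_ADDR:-192.0.2.2/24}"       # stands in for xxx.xxx.xxx.2
YYY_NET="${YYY_NET:-198.51.100.0/24}"    # stands in for yyy.yyy.yyy.0/24

# rc.conf fragment.  The firewall's only address sits on the bridge interface
# itself (so the bridging host takes part in the network), both NICs are
# bridge members, and the single default route points at xxx.1.  No alias
# in the yyy network is configured: yyy hosts reach yyy.1 through the
# bridge, and the firewall itself reaches yyy.1 via its default route.
rc_conf_fragment() {
    cat <<EOF
cloned_interfaces="${BRIDGE_IF}"
ifconfig_${UPLINK_IF}="up"
ifconfig_${LAN_IF}="up"
ifconfig_${BRIDGE_IF}="inet ${FW_ADDR} addm ${UPLINK_IF} addm ${LAN_IF} up"
defaultrouter="${XXX_GW}"
EOF
}

# sysctl.conf fragment, spelling out the if_bridge filtering defaults so the
# operator knows that bridged IP packets do pass through ipfw on the member
# interfaces; a default-deny ruleset would therefore drop the yyy traffic.
sysctl_fragment() {
    cat <<EOF
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_onlyip=1
net.link.bridge.ipfw=0
EOF
}

# ipfw rules that explicitly permit both public subnets across the bridge.
# Only IP is filtered (pfil_onlyip=1), so ARP between yyy hosts and yyy.1
# is bridged without touching these rules.
ipfw_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 allow ip from ${XXX_NET} to any
add 210 allow ip from any to ${XXX_NET}
add 220 allow ip from ${YYY_NET} to any
add 230 allow ip from any to ${YYY_NET}
EOF
}

echo "# /etc/rc.conf"
rc_conf_fragment
echo
echo "# /etc/sysctl.conf"
sysctl_fragment
echo
echo "# ipfw rules"
ipfw_rules
```

Run it with `sh bridge-two-subnets.sh` and copy each section into the file named in its comment header. The design point worth keeping in mind is that nothing on the firewall refers to the yyy subnet except the ipfw allow rules: the hosts in that subnet are reachable only because the bridge forwards their frames to and from yyy.1, and the firewall's own packets to yyy.1 still leave through xxx.1.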