From: "Larry Skarpness Jr."
To: "Emmanuel Gravel"
Cc: "Crist J . Clark"
Subject: Re: ARP issues with 2 or more multi-homed interfaces on same physical LAN
Date: Wed, 23 Aug 2000 00:31:11 -0700

O.K. I've spent some time thinking about this, and finally saw the light.
So, I've multi-homed the 2 cable IPs onto one NIC, and static NAT'd one of
them back to the other host on the private net. I agree that this is a much
better solution. Thanks for your persistence.

----- Original Message -----
From: "Emmanuel Gravel"
To: "Larry Skarpness Jr."
Sent: Tuesday, August 22, 2000 7:31 PM
Subject: Re: ARP issues with 2 or more multi-homed interfaces on same physical LAN

> There's one thing you're not understanding. One way or another, your
> FreeBSD system is the gate between your network and the outside
> world. Your cable modem doesn't exist for your other systems, so there's
> no reason to have them all on the same physical network (i.e. the hub).
> Even, it should be reason enough to keep them physically separate.
> Up to now, nothing here really answers what you said (to your liking
> anyway since I was the second person to tell you this).
>
> Now, you don't need to buy an extra hub to get the cable modem
> connected to your system. What you need is a cross-over cable.
> Something of a "null hub". You should have gotten one when you
> got your cable modem installed. Essentially, this cable won't work
> on the hub, since its transmit and receive lines are crossed. So
> you get a setup which looks kinda like this:
>
>  _________    _______    _________    ________
> |         |  |       |  |         |  |        |
> |  Sys 1  |--|  Hub  |--|  Sys 2  |--|  C.M.  |
> |         |  |       |  |         |  |        |
>  ---------    -------    ---------    --------
>
> (I hope you're using straight ASCII because this looks horrible in
> Eudora).
>
> This setup will give you a boost in network performance. If security
> isn't a concern to you, performance should be. Keeping networks
> physically separated is a GOOD thing. Any OS powerful enough
> to be dual homed will complain if it sees packets destined for one
> interface anywhere near the second interface. The whole objective
> of having two interfaces describing two different networks is to have
> two separate networks, in all means possible, including a different
> "hub" of some kind. If you really want to keep them all on the same
> "bus" get a switch. It'll stop complaining altogether and give you
> the same performance results, or better. But even there I'd still keep
> things very separate. Most everybody else on this list would too.
> Why? It just goes with the philosophy of having two networks bridged
> by a system (in this case acting as a router). Anything else just
> isn't "kosher".
>
> Hope this answers your concerns a little more :)
>
> At 10:18 AM 8/22/00 -0700, you wrote:
> >OK. I'm getting some great responses here. I appreciate the effort. Let
> >me explain further.
> >
> >In this case the cable modem does not leak my private network traffic. It
> >apparently only transmits packets that it can route. It only allows the
> >IPs that my ISP has given me to connect with it. I can actually verify this
> >by watching the transmit LED, and it does not light during private network
> >activity. I've also never seen anyone else's private network packets come
> >across.
> >
> >Remember that I must connect TWO different machines via the same cable
> >modem, and the only way to do this is with a hub. These same two machines
> >must also be on the private net. I did start out with just NICA in Machine
> >1 (FreeBSD), but then my Firewall and NAT did not work properly (or was
> >exceedingly complex to deal with) because of issues being on the same
> >interface. So I abandoned that fiasco and went to the two NIC
> >configuration.
> >
> >I could buy another hub, and could even put another NIC in machine 2. Then
> >my private net could be physically separated from the public nets. But that
> >seems like overkill. The cable modem is already logically filtering the
> >private network out. I'm currently only connecting 3 machines. For its
> >intended purposes this configuration is not causing a security problem or
> >performance problem. The current network capacity (including any overhead
> >incurred on all machines) is completely underutilized.
> >
> >Would it be reasonable for an OS to handle this configuration without a
> >constant stream of complaints?
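
The setup described at the top of this message (both ISP addresses on the outside NIC, one of them static-NAT'd to a private host) could look like the fragment below. This is an added example, not configuration posted in the thread. It assumes natd with ipfw, and the interface names (fxp0 outside, fxp1 inside) and all addresses are constructed placeholders.

```conf
# --- /etc/rc.conf (fragment) ---
# Outside NIC, cabled directly to the cable modem. It carries both
# ISP-assigned addresses (placeholder values, not from the thread).
ifconfig_fxp0="inet 203.0.113.10 netmask 255.255.255.0"
# A second address in the same subnet is added as an alias with an
# all-ones netmask.
ifconfig_fxp0_alias0="inet 203.0.113.11 netmask 255.255.255.255"
# Inside NIC on the private net; the hub and the other machines hang here.
ifconfig_fxp1="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# Static NAT: traffic for the second public address is rewritten to the
# private host (assumed to be 192.168.0.20), and that host's outbound
# traffic leaves with 203.0.113.11 as its source.
redirect_address 192.168.0.20 203.0.113.11

# --- ipfw rules (fragment, in the form "ipfw add ..." takes) ---
# Hand everything crossing the outside interface to natd. Check that the
# stock rc.firewall has not already added this rule before adding it again.
add 50 divert natd ip from any to any via fxp0
# redirect_address forwards every port, so the private host is fully
# exposed unless inbound traffic is filtered after translation. These
# three rules cover inbound TCP only: replies to the host's own
# connections, plus new connections to one service (22 is an example).
add 300 allow tcp from any to 192.168.0.20 in via fxp0 established
add 310 allow tcp from any to 192.168.0.20 22 in via fxp0 setup
add 320 deny tcp from any to 192.168.0.20 in via fxp0
```

With the private machines reachable only through fxp1, the gateway no longer sees the same hosts on two interfaces, which is the condition the quoted reply says a dual-homed OS complains about.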