Date: Fri, 29 Aug 1997 00:15:37 -0600 (MDT) From: Wes Peters <softweyr@xmission.com> To: Tim Baur <tbaur@esgroup.net> Cc: questions@freebsd.org Subject: Re: multiple ether cards Message-ID: <199708290615.AAA01452@obie.softweyr.ml.org> In-Reply-To: <Pine.BSI.3.96.970828002649.23319B-100000@oblivion.esgroup.net> References: <199708280538.XAA00263@obie.softweyr.ml.org> <Pine.BSI.3.96.970828002649.23319B-100000@oblivion.esgroup.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Baur writes:
> Router / firewall.. so yes. What I dont get is how you force incoming
> packets to use ed1, and packets going to a machine on the other side of
> this box to use ed0. Here's a example.
>
> internet -> router -> hub -> ed1: firewall :ed0 -> second hub -> machine.
>
> This type of setup is indeed new to me, so bare with me.
OK, I'll try to be a little less snippy. Now that you've told me what
you need, I can explain the miracles of IP routing as they apply to your
network. First, lets draw a little diagram of what I'm assuming your
network is like; we can make refinements later on if necessary.
You have a local workgroup attached to one interface on your router, and
the other interface on the router is attached to a "public" network,
i.e. one connected to the internet. The machines on your local
workgroup have IP addresses that are distinct from the rest of the
world -- they are in a unique "IP network." So we have:
(The Internet)
|
World Router
204.203.202.254
en0
| | | |
+----------+----------+------------+----------+ Public network
|
ed0
204.203.202.250
Franken Your FreeBSD
Router routing host
211.212.213.250
ed1
|
+-----+-----+-----+-----+-----+-----+-----+-----+ Workgroup
| | | | | | | | |
Each of the interfaces on FrankenRouter, ed0 and ed1, must have unique
IP addresses. Not only must they be different from each other, they
also must have different network parts. For instance, lets assume the
IP address for your existing "public" network is 204.203.202.0, and the
IP address for your new "workgroup" network is 210.211.212.0. In order
to keep things simple, you choose to use the same host part, 250, for
both interfaces. So, we configure the interfaces thusly (in
/etc/sysconfig or /etc/rc.conf):
network_interfaces="lo0 ed0 ed1"
ifconfig_lo0="inet localhost"
ifconfig_ed0="inet 204.203.202.250 broadcast 204.203.202.255"
ifconfig_ed1="inet 211.212.213.250 broadcast 211.212.213.255"
Now, for the routing part. Your systems on the workgroup network must
be configured to use FrankenRouter as their default router:
defaultrouter="211.212.213.250"
When you configure ed1 on FrankenRouter, a route to the 211.212.213.0
network will be automagically entered for ed1. The same process happens
for ed0 and the 204.203.202 network. You must, however, give
FrankenRouter a default route as well. This will be the same as the
default route for all of the other systems on the 204.203.202.0 network,
in this case, "WorldRouter":
defaultrouter="204.203.202.254"
So, when you send a packet to 16.1.0.2 from one of the systems on your
workgroup network, it will send the packet to ed1 on FrankenRouter.
FrankenRouter will then send it on to the "en0" interface on
WorldRouter, which will (hopefully) send it out on the internet via your
ISP.
For the inbound routing, you must do the opposite. You will have to
configure WorldRouter to route packets for the 211.212.213.0 network via
FrankenRouter. If WorldRouter were a BSD box, the command would be:
route add 211.212.213.0 204.203.202.250
You will have to look up the syntax for your router. At this point, any
packet bound for 211.212.213.* that arrives at WorldRouter will be
forwarded on to ed0 on FrankenRouter, which will forward it to the ed1
interface and on to the workgroup network.
You will also have to propagate the route to the 211.212.213.0 network
via WorldRouter to the remainder of the internet. You will need to
discuss this with your ISP. You are now ready to route to and from the
internet from your workgroup network.
I hope I've answered the question you are asking. Feel free to clarify
and/or elaborate as necessary.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.xmission.com/~softweyr softweyr@xmission.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708290615.AAA01452>