From owner-freebsd-hackers Thu Jul 26 14:36:22 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 4B54D37B401 for ; Thu, 26 Jul 2001 14:36:17 -0700 (PDT) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.4/8.11.2) id f6QLaCX62360; Thu, 26 Jul 2001 14:36:12 -0700 (PDT) (envelope-from dillon) Date: Thu, 26 Jul 2001 14:36:12 -0700 (PDT) From: Matt Dillon Message-Id: <200107262136.f6QLaCX62360@earth.backplane.com> To: "Steven Ames" Cc: "Jonathan M. Slivko" , "Chris Dillon" , Subject: Re: Why two cards on the same segment... References: <001701c11614$94114000$6401a8c0@equinox> <00fa01c11615$73cccb10$28d90c42@eservoffice.com> <003401c11616$d2a8e460$6401a8c0@equinox> <011d01c11617$10b96950$28d90c42@eservoffice.com> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG :Not really. The private IP space probably never leaves that LAN segment so :the source IP would get set properly and the default route is irrelevent. :Whenever :he communicated with a block that is not diretly attached then the code has :to :choose a source address and then send the packet to the next hop (usually :the :default route unless you have a dynamic protocol daemon (routed/gated/etc) :running. As long as your just communicating to directly attached subnets :everything :will work peachy regardless of public/private/quantity/netmask. : :-Steve I wish it were that easy. If you have two interfaces on the same LAN segment, but one is configured with an internal IP and one is configured with an external IP, and the default route points out the interface configured with the external IP, then you are ok. If you have one interface with *two* ip addresses. For example (taking a real life example): ash:/home/dillon> ifconfig fxp0: flags=8843 mtu 1500 inet 208.161.114.66 netmask 0xffffffc0 broadcast 208.161.114.127 inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255 ether 00:b0:d0:49:3b:fd media: Ethernet autoselect (100baseTX ) status: active Then the 'source IP' address the machine uses is completely up in the air. It could be the external IP, or the internal IP, and it could change out from under you if you manipulate the interface with ifconfig. You have to explicitly bind to the correct source IP if you care. For our machines I bind our external services specifically to the external IP. Beyond that I usually don't care because I NAT-out our internal IP space anyway, so any packets sent 'from' an internal IP to the internet wind up going through the NAT, which hides the fact that the source machine chose the wrong IP. -Matt :> Yes, but what that snippet showed from ifconfig showed 2 networks, 2 from :> public IP space and 1 from private IP space, and since it's working the :> networking code must know/care about something that it's being fed. -- :> Jonathan :> :> -- :> Jonathan M. Slivko :> Blinx Networks :> http://www.blinx.net/ :> :> ----- Original Message ----- :> From: "Steven Ames" :> To: "Jonathan M. Slivko" ; "Chris Dillon" :> ; :> Sent: Thursday, July 26, 2001 4:56 PM :> Subject: Re: Why two cards on the same segment... :> :> :> > > Yes, but, I think the issue with the 2 IP classes working is because :one :> > is :> > > not routable, and therefore it's not a real :> > > IP address, and the router knows this, hence it's not reacting to it :by :> > > stopping to work. As long as you use virtual :> > > ip's (192.168.*.*) then there should be no reason why it wouldn't :work. :> > > However, if your talking about a routable :> > > IP address, then you might have a problem, as there is a difference :> > between :> > > a virtual IP address and a real (routable) :> > > IP address. Just my 0.02 cents. -- Jonathan :> > :> > I don't think the networking code knows/cares if something is private or :> > public IP space. I might be off here but I think the real problem with :> > two seperate networks on one card (or even on two cards) would be :> > the default route (can't have two right?) and which IP address gets :> > used as the 'source IP' on packets leaving the system. :> > :> > -Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message