Date: Wed, 20 Oct 1999 12:08:48 -0600 (MDT) From: "Forrest W. Christian" <forrestc@iMach.com> To: Will Mitayai Keeso Rowe <mit@aecinfo.com> Cc: FreeBSD-Stable <freebsd-stable@FreeBSD.ORG> Subject: Re: IP aliasing Message-ID: <Pine.BSF.3.96.991020115200.13144B-100000@workhorse.iMach.com> In-Reply-To: <NDBBLMGLGLDODFIEAOKGMEJKCIAA.mit@aecinfo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Oct 1999, Will Mitayai Keeso Rowe wrote:
> I noticed on another server's box that they alias IP addresses to their
> loopback interface rather than their Ethernet interface. Is their any
> benefit/detriment to doing this?
Here's the rule I use:
If the IP address you are adding is "Naturally" on the ethernet add it as
an alias to the Ethernet interface.
If the IP address is on a different subnet than the Ethernet, add it as an
alias on the loopback.
For example, let's say you're doing web hosting. For a small number of
hosts, you might just want to use some unused addresses on your ethernet.
For example if your ethernet is the subnet 192.168.1.0/24 (the entire
class c) then, you could utilize any of the unused addresses from
192.168.1.1 through 192.168.1.254 as a "alias" interface address. In this
case, you would add them to the Ethernet interface.
On the other hand, if you are going to be doing a lot of web hosting (or
more simply put, more than the ethernet subnet has available) then you
probably want to set aside another block just for web addresses. For
example, 192.168.2.0/24. In this case, you would add the addresses to the
Loopback interface. You will also need to add either a host or a subnet
route to your router pointing to the ethernet interface on your box.
For example, my main box is configured as follows:
bash$ ifconfig -a
ed1: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
inet 206.127.77.89 netmask 0xfffffff0 broadcast 206.127.77.95
inet 206.127.77.81 netmask 0xfffffff0 broadcast 206.127.77.81
inet 206.127.77.91 netmask 0xfffffff0 broadcast 206.127.77.91
ether 00:00:1b:3c:a5:cc
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet 206.127.77.129 netmask 0xffffffff
inet 206.127.77.130 netmask 0xffffffff
inet 206.127.77.131 netmask 0xffffffff
inet 206.127.77.132 netmask 0xffffffff
inet 206.127.77.133 netmask 0xffffffff
inet 206.127.77.138 netmask 0xffffffff
inet 206.127.77.139 netmask 0xffffffff
inet 206.127.77.140 netmask 0xffffffff
inet 206.127.77.141 netmask 0xffffffff
inet 206.127.77.142 netmask 0xffffffff
You could argue what the netmask should be in each case, but I generally
use the same netmask as the ethernet interface on the aliases added to the
ethernet, and a "host" netmask of 0xffffffff on the loopback interface.
Not to confuse the issue, but I believe that if you add an address to the
loopback out of the range on the ethernet you also need to do some
proxy-arp configuration (at least you used to). This is the real reason
you should add the "ethernet" to the ethernet. Conversely, if you add
"loopback" addresses to the ethernet, depending on the subnet and the
state of the ip forwarding flag in the kernel, you may have interesting
routing problems such as the machine trying to send packets for the subnet
but not on the localhost out the ethernet. (This last paragraph is
oversimplified- If you'd like a more technically accurate description,
e-mail me privately).
- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991020115200.13144B-100000>