Date: Fri, 10 May 2002 10:44:19 +0200 From: Daniel Lang <dl@leo.org> To: Nick Rogness <nick@rogness.net> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Multiple NICs on the same subnet Message-ID: <20020510084419.GE33751@atrbg11.informatik.tu-muenchen.de> In-Reply-To: <Pine.BSF.4.21.0205091710500.21635-100000@cody.jharris.com> References: <20020509203930.GA32900@atrbg11.informatik.tu-muenchen.de> <Pine.BSF.4.21.0205091710500.21635-100000@cody.jharris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Nick,
Nick Rogness wrote on Thu, May 09, 2002 at 05:28:13PM -0500:
[..]
> The problem you are having is not an alias problem but a routing
> one. Packets come in to your alias on the proper interface but
> when the reply packet gets sent it uses the default route which
> goes out your default route.
^^^^^ interface I assume.
Yes, true, that is probably the case. Looking at my routing
tables, this makes sense.
> In other words, packets that arrive inbound on an interface will
> not necessarily leave that same interface on the outbound reply,
> if it doesn't have a route to that network via that
> interface. Instead, it leaves through the default gateway
> interface (because of the default route).
I see.
> The best way to handle this is with ipfw fwd. Basically you
> forward packets trying to leave the default gateway with the
> aliased address of a different interface out the right interface.
>
> For example:
>
> xl0 --> alias= 1.1.1.1/32 , (default gateway out this interface)
> xl1 --> alias= 1.1.1.2/32
> lge0 --> alias= 1.1.1.3/32
>
> ipfw ruleset:
>
> # FOrward packets properly
> ipfw fwd $IP_OF_NEXT_HOP_xl1 ip from 1.1.1.2/32 to any out via xl0
> ipfw fwd $IP_OF_NEXT_HOP_lge0 ip from 1.1.1.3/32 to any out via xl0
> . . . [rest of firewall] . . .
Hmmm hm hm hm :-) May work. I can try it... I hope the additional forwarding
code does not slow things down too much, but I guess not.
> You will need your kernel build with 'options IPFIREWALL_FORWARD'.
Ok thanks. Is that option set on building the ipfw.ko ?
Anyway I try it. Maybe ipfilter works alike.
> > This would not be that much of a problem so far. The problem really
> > showed up, when it seemed like the Gigabit interface did not seem to
> > work as expected. A couple of possible problems may be the cause,
> > symptoms beeing "lge0: watchdog timeout" messages (which may be due to
> > hardware/cabling problems), "sendto: no buffer space availble"
> > messages (no idea where this comes from, any hints appreaciated,
> > kern.ipc.nmbclusters and kern.maxusers etc, are bumped enough and did
> > not max out (according to netstat -m)).
>
> This is another problem altogether.
Yes. Any hints or suggestsion? I've got kern.maxuser=768 and
kern.ipc.nmbcluster=32768 now. Maybe that solves it...
[..]
Thanks a lot for your help.
Best regards,
Daniel
--
IRCnet: Mr-Spock - signs of absurd developments in the net community:
#42: - "Wurstbrot gehoert m.E. zum Fruehstuecks-botnet von Cartoon" -
*Daniel Lang * dl@leo.org * +49 89 289 25735 * http://www.leo.org/~dl/*
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020510084419.GE33751>