Date: Wed, 27 Feb 2008 14:19:32 +0100
From: Gerrit Kühn
To: freebsd-net@freebsd.org
Organization: Albert-Einstein-Institut (MPI für Gravitationsphysik & IGP Universität Hannover)
Subject: interface aliases and tap devices

Hello,

I have two stories to tell meanwhile, the first comes here in form of a
forward from a question I posted on the discussion list for dnsmasq
(ports/dns/dnsmasq):

--- Begin forwarded message:

Date: Wed, 27 Feb 2008 09:28:28 +0000
From: Simon Kelley
To: Gerrit Kühn
Cc: dnsmasq-discuss@thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] question about subnets and interface aliases

Gerrit Kühn wrote:
> Hi folks,
>
> I have a private network here (192.168.0.0/16) which I have separated
> in 8 subnets (192.168.0.0/19, 192.168.32.0/19 and so on). I want to
> run dnsmasq to serve as dns and dhcp server, but only on one machine.
> As the separation of the subnets is purely of logical nature and not
> physical (everything on the same switched network), I have configured
> this machine with the primary IP address 192.168.0.254/19 and put IP
> aliases for all other subnets (192.168.32.254/19 and so on) on that
> interface. The free dhcp IP-range for unknown hosts is in the first
> subnet (192.168.30.0/24), all others shall be fixed-host entries
> which are identified via their MAC addresses.
>
> Now I see the following behaviour: dhcp-addresses are delivered from
> the free segment to unknown hosts as designed. However, fixed-host
> entries only work if they come from the first subnet
> (192.168.0.0/19). If I have dhcp-host entries for any other subnet,
> they are completely ignored and the requesting hosts get an IP from
> the free range for unknown hosts instead.
>
> Is my setup completely screwed up and something one should not do, or
> does anyone here have an idea how to get things right? I'm using
> FreeBSD 7-stable and dnsmasq 2.40 (if that matters).

It does matter, specifically the FreeBSD bit. On Linux, the above
arrangement will work, (or at least can be made to work). The code for
determining the IP parameters of an interface on *BSD knows nothing
about aliases, so it can't work.

> Any hint is appreciated.

If you are, or can find, a FreeBSD networking guru who can upgrade the
code in src/bpf.c I'm happy to take a patch.....

Cheers,

Simon.

---

As I am definitely not the networking guru who could do this, I thought it
would be a good idea to ask here if anyone is interested in helping out.

The second story is connected with the first: As the problem for dnsmasq
seems to be that it cannot handle more than one IP per interface, I came up
with the idea of setting up one IP on the physical interface and 7 more on 7
virtual tap devices. Then I bound the tap devices together with the physical
interface on a bridge interface.

This setup works insofar that I can ping all 8 addresses and receive
answers. ssh connections and so on work, too. However, the dhcp client
broadcasts do not reach dnsmasq, although I configured it to listen on all
8 interfaces.

Even more strange to me was that I discovered that the virtual tap
interfaces see nothing of the traffic. If I run tcpdump on the tap devices
(or even on the bridge interface), I see /nothing/ of the traffic which is
actually directed to one of the IPs the tap devices carry. I see everything
floating through the physical interface, though. I actually thought that the
traffic would reach the tap interfaces and could be processed there with
other software like tcpdump or dnsmasq. Why is this not the case?

cu
  Gerrit
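
Added example, not part of the original post and not dnsmasq's code: a small C sketch of alias-aware address lookup using getifaddrs(), with the subnet match a fixed-host entry needs. The names collect_v4 and find_subnet, the test address 192.168.40.10, and the "primary only" call (a simplified model of a lookup that sees just the first address) are assumptions for illustration.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <stdio.h>
#include <string.h>
struct v4net { struct in_addr addr, mask; };  /* one IPv4 address and its netmask */
/* getifaddrs() yields one entry per address, so aliases share the same ifa_name. */
int collect_v4(const char *ifname, struct v4net *out, int max)
{
    struct ifaddrs *list, *ifa;
    int n = 0;
    if (getifaddrs(&list) != 0)
        return -1;
    for (ifa = list; ifa != NULL && n < max; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr || !ifa->ifa_netmask || strcmp(ifa->ifa_name, ifname) != 0
            || ifa->ifa_addr->sa_family != AF_INET)
            continue;                         /* skip link-level and IPv6 entries */
        out[n].addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
        out[n++].mask = ((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr;
    }
    freeifaddrs(list);
    return n;
}
/* Index of the local address whose subnet contains host, or -1 if none. */
int find_subnet(const struct v4net *nets, int n, const char *host)
{
    struct in_addr h;
    if (inet_pton(AF_INET, host, &h) != 1)
        return -1;
    for (int i = 0; i < n; i++)
        if (((h.s_addr ^ nets[i].addr.s_addr) & nets[i].mask.s_addr) == 0)
            return i;
    return -1;
}
int main(int argc, char **argv)
{
    struct v4net nets[16];
    const char *ip[] = { "192.168.0.254", "192.168.32.254" };  /* constructed sample */
    for (int i = 0; i < 2; i++) {
        inet_pton(AF_INET, ip[i], &nets[i].addr);
        inet_pton(AF_INET, "255.255.224.0", &nets[i].mask);    /* /19 */
    }
    int n = argc > 1 ? collect_v4(argv[1], nets, 16) : 2;      /* or a real interface */
    printf("all addresses: %d, primary only: %d\n",
           find_subnet(nets, n, "192.168.40.10"), find_subnet(nets, n > 0, "192.168.40.10"));
    return 0;
}
```

With the constructed sample, the host in 192.168.32.0/19 matches the alias when every address is considered and matches nothing when only the first address is known.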