Date: Wed, 23 Oct 1996 08:33:23 -0500 (CDT) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: moos@degnet.baynet.de Cc: freebsd-hackers@freebsd.org, questions@freebsd.org Subject: Re: Is this network possible with FreeBSD ??? Message-ID: <199610231333.IAA09985@brasil.moneng.mei.com> In-Reply-To: <326DFE77.549B@degnet.baynet.de> from "Darius Moos" at Oct 23, 96 10:16:07 am
next in thread | previous in thread | raw e-mail | index | archive | help
> i have an urgent problem with the network-setup of FreeBSD. > I've set up FreeBSD-2.1.0 for a company (I never set up an other OS > for any company). I was gave permission, to trash their linux and > install FreeBSD-2.1.0 instead. The installation went fine but now > i am running into a problem with their network-configuration. > Their ISP (a real linux-fetishist) says "FreeBSD is TOO BRAINDAMAGED > to handle this problem". I do not think so. The network-configuration I do not think so either. I routinely do much more complex things with FreeBSD. > is pictured below. Also more details are written below. > Now my problem (maybe I AM braindamaged): > 1. How to ifconfig the ether-device of the FreeBSD-box ? > 2. How to set up the routing of the FreeBSD-box ? > so that the FreeBSD-box acts as a mail- and WWW-proxy gateway for the > company's private network. > > +---------------+ > | FreeBSD-2.1.0 | > |+-------------+| > || NE 2000 || > || 192.168.3.1 || > || 1.2.3.253 || > ++------o------++ > | > | > ++-------o-------++ > || NE 2000 || > || 192.168.3.103 || > || 1.2.3.36 || > |+---------------+| > | | > | +-------+ > | Router | ISDN o------------o ISP 1.2.3.x > | +-------+ > | | > |+---------------+| > || 100 MBit || > || 192.168.3.104 || > ++-------o-------++ > | > | > ++-------o-----++ > || 100 MBit || > || 192.168.3.2 || > |+-------------+| > | | > | 192.168.3.x | A few general comments: I try as much as possible to stay with "traditional" IP implementation philosophies. This means, in particular, that I will not break up a network with a particular netmask over two wires. I mention this because it appears that your implementation may be doing this: the "192.168.3.1/192.168.3.103" addresses are clearly required to be on the same wire as the "192.168.3.104/192.168.3.x" addresses. If your router REALLY supports this, fine, you can proceed, but I am suggesting that it is bad network engineering. > The linux that i have trashed had no problems with this configuration > BUT i do not know how to ifconfig the network device of the FreeBSD- > machine and how to setup the correct routing. The FreeBSD-machine > should be known with a registered IP in the internet. I've replaced the > real registered IP with 1.2.3.253. All the other machines (except the > router) in the company should run only on the private network > 192.168.3.0. The FreeBSD-machine should be the email and WWW-proxy > gateway for the private company network. > The problem so far: > - When i ifconfig the network-card of the FreeBSD-machine with > "ifconfig ed0 inet 1.2.3.253 netmask 0xffffffff", the > 1.2.3.36-IP is not reachable and therefor unknown to the routing. Try this ifconfig instead: ifconfig ed0 inet 1.2.3.253 netmask 0xffffff00 (or whatever the real netmask of the Internet-visible subnet is). The 0xffffffff format is used when you are creating additional aliases on a wire for which an address and netmask have already been set up. This seems a little strange but makes sense if you think about it. > - I can not use a netmask of 0xffffff00 for the ether-device of the > FreeBSD-box. Well, you need to use SOME netmask! What are the apparent netmasks of the networks in question? > - When i ifconfig the ether-device of the FreeBSD-box with > "ifconfig ed0 inet 192.168.3.1 netmask 0xffffff00" and > "ifconfig ed0 inet 1.2.3.253 netmask 0xffffffff alias" > the outgoing packets never come back, since the FreeBSD-box sends > its packets with src of 192.168.3.1 Yes. > What i would need is a > ifconfig ed0 inet 1.2.3.253 netmask 0xffffffff > ifconfig ed0 inet 192.168.3.1 netmask 0xffffffff alias No. For the sake of argument I am going to pretend that you have a Class C (/24) sized address range from the ISP and a multiple Class C (/20) for your 192.168 net. ifconfig ed0 inet 1.2.3.253 netmask 0xffffff00 ifconfig ed0 inet 192.168.3.1 netmask 0xfffffc00 alias > route add -net 1.2.3 ed0 > but ether-devices as destination in the route-statement are not allowed. > Under the linux this was possible (the ISP says). If so that is bullshit. Ethernet is not (necessarily) a point to point protocol. If you have more than one other host on the wire (and how can you know), to which one do you route it? In this PARTICULAR case, one could guess that Linux is braindead enough that it does not understand that an IP alias with a netmask implies that route, and that it needs to be TOLD this... so much for the superiority of Linux. If you have to add any routes at all, it is largely dependent on what your router is doing on your behalf. If your router is actually doing all the work (which is how I read this), you may have to do nothing else at all. > Now this situation is braindamaged itself, but this does not count as > argument to the boss of this company. The boss had a running system > with this network-configuration and he stands on the point that this > has to be possible or the OS (FreeBSD) is not the right OS so far. > Please please help me with this network-setup, so i can prove, that > FreeBSD IS the right OS for all networking. > BTW: this mail is closely related to my other mail about FreeBSD-support > for HP-10/100-VG or Compex 100VG network-cards. > > Many thanks for all your help in advance. Please write back if this does not clear up your problems or give you the right clues to do so. I will do my best to help you with this. I have set up much more complex networking scenarios on occasion and this should not be particularly difficult. You need to get the network interfaces set up right, and then you need to figure out if you need to add any "exceptional" routes. I will note that this is NOT the way I would choose to implement this network, however. ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610231333.IAA09985>