Date:      Tue, 11 May 2004 15:54:28 -0400
From:      "Travis Troyer" <tm_troyer@hotmail.com>
To:        freebsd@stevenfettig.com, freebsd-questions@freebsd.org
Subject:   Re: 3 Nics - Dual (Tripe) Homed Host
Message-ID:  <BAY17-F17XweritlzTW00037f93@hotmail.com>

>From: "Steven N. Fettig" <freebsd@stevenfettig.com>
>To: Travis Troyer <tm_troyer@hotmail.com>,  FreeBSD - questions 
><freebsd-questions@freebsd.org>
>Subject: Re: 3 Nics - Dual (Tripe) Homed Host
>Date: Mon, 10 May 2004 09:55:46 -0500
>
>Travis Troyer wrote:
>
>>I have a FreeBSD system that acts as a NAT Gateway, currently providing one 
>>LAN with access to the Internet.  I have added a third NIC, connected to a 
>>second LAN.  The second LAN does not need internet access, but I would 
>>like it to be able to communicate with the first LAN.  I have tried 
>>reading various sources, but have not found anything dealing with this 
>>situation. I would appreciate any help.  Below is a diagram of my current 
>>setup and the output of ifconfig.
>>
>>                             Internet
>>                                 |
>>                 [ xl0: DHCP assigned ]
>>                            Router
>>                             |      |
>>             [ xl1: 10.0.0.1]  [ xl3: 192.168.1.10]
>>         10.0.0.0/24 LAN  192.168.1.0/24 LAN
>>
>>Output of ifconfig:
>>xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        options=8<VLAN_MTU>
>>        inet 24.33.126.252 netmask 0xffffff00 broadcast 255.255.255.255
>>        ether 00:60:97:74:35:b0
>>        media: Ethernet autoselect (10baseT/UTP)
>>        status: active
>>xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        options=b<RXCSUM,TXCSUM,VLAN_MTU>
>>        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>>        ether 00:01:02:37:93:eb
>>        media: Ethernet autoselect (100baseTX <full-duplex>)
>>        status: active
>>xl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        options=b<RXCSUM,TXCSUM,VLAN_MTU>
>>        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>>        ether 00:01:02:cc:63:d2
>>        media: Ethernet autoselect (100baseTX <full-duplex>)
>>        status: active
>>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>        inet 127.0.0.1 netmask 0xff000000
>>
>Travis,
>
>Although I have been dealing with routing for years, I can't claim I really 
>understand it well, so my advice may not be so intelligent, but here's a 
>stab at it anyway:
>I think what you want to do is to bridge both LAN's.  You need to tell your 
>gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24, you need 
>to tell the routing tables that the route to 10.0.0.0/24 is via xl1 and 
>vice versa.
>
>route add 10.0.0.0/24 -interface xl1
>
>and vice versa:
>
>route add 192.168.1.0/24 -interface xl2
>
>In the handbook, it says 
>(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):
><--begin quote-->
>19.5.4 Enabling the Bridge
>
>Add the line:
>net.link.ether.bridge=1
>
>
>to /etc/sysctl.conf to enable the bridge at runtime, and the line:
>net.link.ether.bridge_cfg=if1,if2
>
>
>to enable bridging on the specified interfaces (replace if1 and if2 with 
>the names of your two network interfaces). If you want the bridged packets 
>to be filtered by ipfw(8), you should add:
>net.link.ether.bridge_ipfw=1
>
>
>as well.
>
>For FreeBSD 5.2-RELEASE and later, use instead the following lines:
>net.link.ether.bridge.enable=1
>net.link.ether.bridge.config=if1,if2
>net.link.ether.bridge.ipfw=1
><--end quote-->
>
>I am not sure if this will work, though, because I'm not sure what effect 
>(if any) it would have on the NAT from the 192.168.1.0/24 network.  You 
>might want to first try this approach while NAT and the firewall are turned 
>off.  I have a similar situation that I want to test, so I'd be curious if 
>you succeed and how.
>
>Steve Fettig
>

Steve,

Thank you for your suggestion; however, I gave that a try, and really wasn't 
getting anywhere.  For the sake of not angering the roommates too much by 
having to disable NAT, I tried every option but that.  In my research I 
found out about Virtual Hosts, or IP aliasing, and, since there were only 
two machines on the 10.0.0.0 network that needed to access machines on the 
192.168.1.0 network, and they were both running FreeBSD, I simply gave each 
machine a second IP on the 192.168.1.0 network, and everything is working 
fine.  In case you're interested, I used this bit of information:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html

I'm not sure if you were aware of aliasing, as I was not, or if this fits 
your situation as well as it did mine.  I'm curious now as to whether or not 
my gateway/router machine could still provide connectivity between the two 
networks, via the virtual hosted interface, for clients on both LANs.  
Though my setup suits me now, I may give that a try.

Regards,

Travis Troyer
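
Added example, not part of the original messages: a Python parser for the ifconfig output quoted above that lists the gateway's directly connected networks, and a check showing that a host with an alias in 192.168.1.0/24 reaches that LAN on-link, so its traffic never crosses the gateway or any ipfw rules on it. The host addresses 10.0.0.20, 192.168.1.20 and 192.168.1.50 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed from the ifconfig output quoted in the thread.
IFCONFIG = """\
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.33.126.252 netmask 0xffffff00 broadcast 255.255.255.255
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
xl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})")

def connected_networks(text):
    """Return [(interface, IPv4Interface)] for every inet line, aliases included."""
    result, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and iface:
            # BSD ifconfig prints the mask as hex; convert it to a prefix length.
            prefixlen = bin(int(m.group(2), 16)).count("1")
            result.append((iface, ipaddress.ip_interface(f"{m.group(1)}/{prefixlen}")))
    return result

def egress_interface(nets, dest):
    """Longest-prefix match over connected networks; None means 'use default route'."""
    dest = ipaddress.ip_address(dest)
    hits = [(addr.network.prefixlen, iface) for iface, addr in nets if dest in addr.network]
    return max(hits)[1] if hits else None

def bypasses_gateway(host_addrs, dest):
    """True if a host with these addresses reaches dest on-link, with no router hop."""
    dest = ipaddress.ip_address(dest)
    return any(dest in ipaddress.ip_interface(a).network for a in host_addrs)

if __name__ == "__main__":
    nets = connected_networks(IFCONFIG)
    print([(i, str(a.network)) for i, a in nets])
    print(bypasses_gateway(["10.0.0.20/24", "192.168.1.20/24"], "192.168.1.50"))
```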
