Re: 3 Nics - Dual (Triple) Homed Host

> Steven N. Fettig wrote:
>> Travis Troyer wrote:
>> I have a FreeBSD system that acts as a NAT Gateway, currently providing one LAN with access to the Internet. I have added a third NIC, connected to a second LAN. The second LAN does not need internet access, but I would like it to be able to communicate with the first LAN. I have tried reading various sources, but have not found anything dealing with this situation. I would appreciate any help. Below is a diagram of my current setup and the output of ifconfig.
>>
>>                    Internet
>>                       |
>>             [ xl0: DHCP assigned ]
>>                     Router
>>               |                |
>>     [ xl1: 10.0.0.1]    [ xl3: 192.168.1.10]
>>     10.0.0.0/24 LAN     192.168.1.0/24 LAN
>>
>> Output of ifconfig:
>>
>> xl0: flags=8843 mtu 1500
>>         options=8
>>         inet 24.33.126.252 netmask 0xff00 broadcast 255.255.255.255
>>         ether 00:60:97:74:35:b0
>>         media: Ethernet autoselect (10baseT/UTP)
>>         status: active
>> xl1: flags=8843 mtu 1500
>>         options=b
>>         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>>         ether 00:01:02:37:93:eb
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> xl2: flags=8843 mtu 1500
>>         options=b
>>         inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
>>         ether 00:01:02:cc:63:d2
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> lo0: flags=8049 mtu 16384
>>         inet 127.0.0.1 netmask 0xff00
>
> Travis,
>
> Although I have been dealing with routing for years, I can't claim I really understand it well, so my advice may not be so intelligent, but here's a stab at it anyway:
>
> I think what you want to do is to bridge both LANs. You need to tell your gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24, you need to tell the routing tables that the route to 10.0.0.0/24 is via xl1 and vice versa.
>
>     route add 10.0.0.0/24 -interface xl1
>
> and vice versa:
>
>     route add 192.168.1.0/24 -interface xl2
>
> In the handbook, it says (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):
>
> <--begin quote-->
> 19.5.4 Enabling the Bridge
>
> Add the line:
>
>     net.link.ether.bridge=1
>
> to /etc/sysctl.conf to enable the bridge at runtime, and the line:
>
>     net.link.ether.bridge_cfg=if1,if2
>
> to enable bridging on the specified interfaces (replace if1 and if2 with the names of your two network interfaces). If you want the bridged packets to be filtered by ipfw(8), you should add:
>
>     net.link.ether.bridge_ipfw=1
>
> as well.
>
> For FreeBSD 5.2-RELEASE and later, use instead the following lines:
>
>     net.link.ether.bridge.enable=1
>     net.link.ether.bridge.config=if1,if2
>     net.link.ether.bridge.ipfw=1
> <--end quote-->
>
> I am not sure if this will work, though, because I'm not sure what effect (if any) it would have on the NAT from the 192.168.1.0/24 network. You might want to first try this approach while NAT and the firewall are turned off. I have a similar situation that I want to test, so I'd be curious if you succeed and how.
>
> Steve Fettig

This should work fine with NAT. I was using a similar setup during tests with wi-fi: server with wi-fi card (hostap and DHCP - 192.168.1.xxx range), one NIC connected to local LAN (192.168.0.xxx range) and one NIC for connection to my ISP (to cable modem to be more specific). Only people on local LAN were able to connect to internet - this was controlled via ipfw rules.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 3 Nics - Dual (Triple) Homed Host

> I'm not sure if you were aware of aliasing, as I was not, or if this fits
> your situation as well as it did mine. I'm curious now as to whether or not
> my gateway/router machine could still provide connectivity between the two
> networks, via the virtual hosted interface, for clients on both LANs.
> Though my setup suits me now, I may give that a try.
>
> Regards,
>
> Travis Troyer
>

I'm not sure if you were aware of this option or not, but to configure FreeBSD for native routing on its directly connected network segments, you will need to enable forwarding to configure it to be a gateway system.

To enable gateway mode via the command line:

    /root> sysctl net.inet.ip.forwarding=1

Then in your rc.conf add the following to do so on every boot:

    gateway_enable="YES"

The initial problem you described leads me to believe that this isn't currently configured. Also, if you're running natd, then you may need to make allowances in your firewall ruleset to allow the traffic to pass from one LAN segment to the other.

--
Micheal Patterson
TSG Network Administration
405-917-0600
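Added example, not part of the thread: one way to write the firewall allowances mentioned in the message above, as an ipfw ruleset that lets the two LANs reach each other while 192.168.1.0/24 is dropped before it can be NATed out. Interface names and subnets are taken from the posted ifconfig output; the rule numbers, the `divert natd` rule (natd on its default divert port) and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Interfaces and subnets are taken from the
# posted ifconfig output; rule numbers and function names are assumptions.
WAN_IF="xl0"               # Internet side, NATed by natd
LAN1_NET="10.0.0.0/24"     # xl1: LAN that keeps Internet access
LAN2_NET="192.168.1.0/24"  # xl2: LAN that must stay off the Internet

# Print the ruleset as ipfw commands so it can be reviewed before loading.
# Rule 500 is a stand-in for whatever policy the gateway already enforces.
gateway_rules() {
    cat <<EOF
ipfw -q flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 allow ip from ${LAN1_NET} to ${LAN2_NET}
ipfw add 210 allow ip from ${LAN2_NET} to ${LAN1_NET}
ipfw add 300 deny ip from ${LAN2_NET} to any out via ${WAN_IF}
ipfw add 310 deny ip from any to ${LAN2_NET} in via ${WAN_IF}
ipfw add 400 divert natd ip from any to any via ${WAN_IF}
ipfw add 500 allow ip from any to any
EOF
}

# Audit "ipfw list" style lines on stdin (rule number, action, body). Succeeds
# only if the LAN2 -> WAN deny comes before the first divert rule, i.e. LAN2
# packets are dropped before natd could translate them.
lan2_blocked_before_nat() {
    awk -v net="$LAN2_NET" -v wan="$WAN_IF" '
        $2 == "divert" { exit }
        $2 == "deny" && index($0, "from " net " to any") &&
            index($0, "out via " wan) { ok = 1; exit }
        END { exit (ok ? 0 : 1) }'
}

case "${1:-}" in
    show)  gateway_rules ;;
    audit) ipfw list | lan2_blocked_before_nat && echo "LAN2 is denied before NAT" ;;
    apply) # run as root from the console: the flush drops existing rules
        sysctl net.inet.ip.forwarding=1
        gateway_rules | sh -e ;;
esac
```

Run it with `show` to review the rules, `apply` to load them, and `audit` to check a live ruleset for the ordering that keeps the second LAN away from natd.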
Re: 3 Nics - Dual (Triple) Homed Host

> From: "Steven N. Fettig" <[EMAIL PROTECTED]>
> To: Travis Troyer <[EMAIL PROTECTED]>, FreeBSD - questions <[EMAIL PROTECTED]>
> Subject: Re: 3 Nics - Dual (Triple) Homed Host
> Date: Mon, 10 May 2004 09:55:46 -0500
>
>> Travis Troyer wrote:
>> I have a FreeBSD system that acts as a NAT Gateway, currently providing one LAN with access to the Internet. I have added a third NIC, connected to a second LAN. The second LAN does not need internet access, but I would like it to be able to communicate with the first LAN. I have tried reading various sources, but have not found anything dealing with this situation. I would appreciate any help. Below is a diagram of my current setup and the output of ifconfig.
>>
>>                    Internet
>>                       |
>>             [ xl0: DHCP assigned ]
>>                     Router
>>               |                |
>>     [ xl1: 10.0.0.1]    [ xl3: 192.168.1.10]
>>     10.0.0.0/24 LAN     192.168.1.0/24 LAN
>>
>> Output of ifconfig:
>>
>> xl0: flags=8843 mtu 1500
>>         options=8
>>         inet 24.33.126.252 netmask 0xff00 broadcast 255.255.255.255
>>         ether 00:60:97:74:35:b0
>>         media: Ethernet autoselect (10baseT/UTP)
>>         status: active
>> xl1: flags=8843 mtu 1500
>>         options=b
>>         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>>         ether 00:01:02:37:93:eb
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> xl2: flags=8843 mtu 1500
>>         options=b
>>         inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
>>         ether 00:01:02:cc:63:d2
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> lo0: flags=8049 mtu 16384
>>         inet 127.0.0.1 netmask 0xff00
>
> Travis,
>
> Although I have been dealing with routing for years, I can't claim I really understand it well, so my advice may not be so intelligent, but here's a stab at it anyway:
>
> I think what you want to do is to bridge both LANs. You need to tell your gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24, you need to tell the routing tables that the route to 10.0.0.0/24 is via xl1 and vice versa.
>
>     route add 10.0.0.0/24 -interface xl1
>
> and vice versa:
>
>     route add 192.168.1.0/24 -interface xl2
>
> In the handbook, it says (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):
>
> <--begin quote-->
> 19.5.4 Enabling the Bridge
>
> Add the line:
>
>     net.link.ether.bridge=1
>
> to /etc/sysctl.conf to enable the bridge at runtime, and the line:
>
>     net.link.ether.bridge_cfg=if1,if2
>
> to enable bridging on the specified interfaces (replace if1 and if2 with the names of your two network interfaces). If you want the bridged packets to be filtered by ipfw(8), you should add:
>
>     net.link.ether.bridge_ipfw=1
>
> as well.
>
> For FreeBSD 5.2-RELEASE and later, use instead the following lines:
>
>     net.link.ether.bridge.enable=1
>     net.link.ether.bridge.config=if1,if2
>     net.link.ether.bridge.ipfw=1
> <--end quote-->
>
> I am not sure if this will work, though, because I'm not sure what effect (if any) it would have on the NAT from the 192.168.1.0/24 network. You might want to first try this approach while NAT and the firewall are turned off. I have a similar situation that I want to test, so I'd be curious if you succeed and how.
>
> Steve Fettig

Steve,

Thank you for your suggestion, however, I gave that a try, and really wasn't getting anywhere. For the sake of not angering the roommates too much by having to disable NAT, I tried every option but that. In my research I found out about Virtual Hosts, or IP aliasing, and, since there were only two machines on the 10.0.0.0 network that needed to access machines on the 192.168.1.0 network, and they were both running FreeBSD, I simply gave each machine a second IP on the 192.168.1.0 network, and everything is working fine. In case you're interested, I used this bit of information:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html

I'm not sure if you were aware of aliasing, as I was not, or if this fits your situation as well as it did mine. I'm curious now as to whether or not my gateway/router machine could still provide connectivity between the two networks, via the virtual hosted interface, for clients on both LANs. Though my setup suits me now, I may give that a try.

Regards,

Travis Troyer
Re: 3 Nics - Dual (Triple) Homed Host

> Travis Troyer wrote:
> I have a FreeBSD system that acts as a NAT Gateway, currently providing one LAN with access to the Internet. I have added a third NIC, connected to a second LAN. The second LAN does not need internet access, but I would like it to be able to communicate with the first LAN. I have tried reading various sources, but have not found anything dealing with this situation. I would appreciate any help. Below is a diagram of my current setup and the output of ifconfig.
>
>                    Internet
>                       |
>             [ xl0: DHCP assigned ]
>                     Router
>               |                |
>     [ xl1: 10.0.0.1]    [ xl3: 192.168.1.10]
>     10.0.0.0/24 LAN     192.168.1.0/24 LAN
>
> Output of ifconfig:
>
> xl0: flags=8843 mtu 1500
>         options=8
>         inet 24.33.126.252 netmask 0xff00 broadcast 255.255.255.255
>         ether 00:60:97:74:35:b0
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> xl1: flags=8843 mtu 1500
>         options=b
>         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>         ether 00:01:02:37:93:eb
>         media: Ethernet autoselect (100baseTX )
>         status: active
> xl2: flags=8843 mtu 1500
>         options=b
>         inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
>         ether 00:01:02:cc:63:d2
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff00

Travis,

Although I have been dealing with routing for years, I can't claim I really understand it well, so my advice may not be so intelligent, but here's a stab at it anyway:

I think what you want to do is to bridge both LANs. You need to tell your gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24, you need to tell the routing tables that the route to 10.0.0.0/24 is via xl1 and vice versa.

    route add 10.0.0.0/24 -interface xl1

and vice versa:

    route add 192.168.1.0/24 -interface xl2

In the handbook, it says (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):

<--begin quote-->
19.5.4 Enabling the Bridge

Add the line:

    net.link.ether.bridge=1

to /etc/sysctl.conf to enable the bridge at runtime, and the line:

    net.link.ether.bridge_cfg=if1,if2

to enable bridging on the specified interfaces (replace if1 and if2 with the names of your two network interfaces). If you want the bridged packets to be filtered by ipfw(8), you should add:

    net.link.ether.bridge_ipfw=1

as well.

For FreeBSD 5.2-RELEASE and later, use instead the following lines:

    net.link.ether.bridge.enable=1
    net.link.ether.bridge.config=if1,if2
    net.link.ether.bridge.ipfw=1
<--end quote-->

I am not sure if this will work, though, because I'm not sure what effect (if any) it would have on the NAT from the 192.168.1.0/24 network. You might want to first try this approach while NAT and the firewall are turned off. I have a similar situation that I want to test, so I'd be curious if you succeed and how.

Steve Fettig
3 Nics - Dual (Triple) Homed Host

I have a FreeBSD system that acts as a NAT Gateway, currently providing one LAN with access to the Internet. I have added a third NIC, connected to a second LAN. The second LAN does not need internet access, but I would like it to be able to communicate with the first LAN. I have tried reading various sources, but have not found anything dealing with this situation. I would appreciate any help. Below is a diagram of my current setup and the output of ifconfig.

                   Internet
                      |
            [ xl0: DHCP assigned ]
                    Router
              |                |
    [ xl1: 10.0.0.1]    [ xl3: 192.168.1.10]
    10.0.0.0/24 LAN     192.168.1.0/24 LAN

Output of ifconfig:

xl0: flags=8843 mtu 1500
        options=8
        inet 24.33.126.252 netmask 0xff00 broadcast 255.255.255.255
        ether 00:60:97:74:35:b0
        media: Ethernet autoselect (10baseT/UTP)
        status: active
xl1: flags=8843 mtu 1500
        options=b
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
        ether 00:01:02:37:93:eb
        media: Ethernet autoselect (100baseTX )
        status: active
xl2: flags=8843 mtu 1500
        options=b
        inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
        ether 00:01:02:cc:63:d2
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff00