DragonFly BSD
DragonFly users List (threaded) for 2005-03

Re: DragonFlyBSD not in compliance with RFC 1122


From: Gary Allan <dragonfly@xxxxxxxxxxxxxxx>
Date: Fri, 18 Mar 2005 19:10:29 +0000

sam wrote:
Jeffrey Hsu wrote:

Gary Allan wrote:

Hello,

I ran into a problem today. I administer a machine that needs to sit on two separate networks 192.168.2.2/24 and 192.168.15.2/24. The network card is configured as:

xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.15.2 netmask 0xffffff00 broadcast 192.168.15.255
        inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:10:5a:f7:6e:71
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

The machine has a default route of 192.168.15.1.
(Public IP addresses replaced with private.)

All is well except that 192.168.2.2 is inaccessible from the Internet. A quick RTFM reveals that I need to add a second default gateway

I've resolved this by using IPFW to forward the necessary traffic from 192.168.2.0/24 to the 192.168.2.1 router but feel this is a bit of a bodge. I've noticed recent routing code commits so I'm hoping this is a good time



Can't you just add route add 192.168.2/24 192.168.2.1?

This should work. I use this static route from the Internet to the internal LAN, which is located behind the second FreeBSD gateway.


Sam.

Hello,


Adding "route add 192.168.2/24 192.168.2.1" isn't appropriate as no gateway is necessary to access the 192.168.2.0/24 subnet (See the alias 192.168.2.2 netmask 0xffffff00). In fact there is already a 192.168.2 route entry and the attempt fails with "File exists".

192.168.2 link#1 UC 6 0 xl0

Traffic to 192.168.2.0/24 or 192.168.15.0/24 makes use of ARP. Traffic to any other routable address needs to utilise a gateway. In this case what is needed is for traffic originating from 192.168.2.2 to be forwarded to 192.168.2.1 and traffic originating from 192.168.15.2 to be forwarded to 192.168.15.1. This is why multiple default routes are needed (RFC 1122).

Currently traffic from 192.168.2.2 is being forwarded to 192.168.15.1 and is being dropped due to anti-spoofing rules on the router. (Only traffic from 192.168.15.0/24 should arrive on 192.168.15.1.)

Hope this clears things up.

Gary

(Addresses changed to protect the innocent.)
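
The behaviour described in the message above, as an added example that is not part of the original post: a Python model of destination-only next-hop lookup versus source-address-based gateway selection, checked against each router's anti-spoofing filter. The function names and the external address 203.0.113.10 are constructed for illustration; the subnets and gateways are the ones quoted in the thread.

```python
import ipaddress

# Constructed model of the host in the post: two on-link subnets on xl0,
# each with its own router, and a single default route via 192.168.15.1.
GATEWAY_FOR_SUBNET = {
    ipaddress.ip_network("192.168.15.0/24"): ipaddress.ip_address("192.168.15.1"),
    ipaddress.ip_network("192.168.2.0/24"): ipaddress.ip_address("192.168.2.1"),
}
CONNECTED = list(GATEWAY_FOR_SUBNET)
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.15.1")


def next_hop_by_destination(dst):
    """Destination-only lookup: on-link goes via ARP (None), else the one default."""
    dst = ipaddress.ip_address(dst)
    if any(dst in net for net in CONNECTED):
        return None  # delivered directly, no gateway involved
    return DEFAULT_GATEWAY


def next_hop_by_source(src, dst):
    """Source-aware selection: off-link traffic leaves via the router
    that sits on the source address's own subnet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(dst in net for net in CONNECTED):
        return None
    for net, gateway in GATEWAY_FOR_SUBNET.items():
        if src in net:
            return gateway
    return DEFAULT_GATEWAY


def router_accepts(gateway, src):
    """Anti-spoofing check: a router accepts only sources from its own subnet."""
    gateway, src = ipaddress.ip_address(gateway), ipaddress.ip_address(src)
    return any(gateway in net and src in net for net in CONNECTED)


def reply_delivered(src, dst, source_aware):
    """True if the packet is on-link or passes the chosen router's filter."""
    if source_aware:
        hop = next_hop_by_source(src, dst)
    else:
        hop = next_hop_by_destination(dst)
    return hop is None or router_accepts(hop, src)
```

With `source_aware=False`, a packet from 192.168.2.2 to an off-link address is handed to 192.168.15.1 and rejected by its filter; with `source_aware=True` it goes to 192.168.2.1 and is accepted.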


