From owner-freebsd-stable Wed Oct 20 11:10:26 1999 Delivered-To: freebsd-stable@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 21C9B14C9A for ; Wed, 20 Oct 1999 11:10:23 -0700 (PDT) (envelope-from forrestc@workhorse.iMach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.8.8/8.8.8) with SMTP id MAA16510; Wed, 20 Oct 1999 12:08:48 -0600 (MDT) Date: Wed, 20 Oct 1999 12:08:48 -0600 (MDT) From: "Forrest W. Christian" Reply-To: "Forrest W. Christian" To: Will Mitayai Keeso Rowe Cc: FreeBSD-Stable Subject: Re: IP aliasing In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 20 Oct 1999, Will Mitayai Keeso Rowe wrote: > I noticed on another server's box that they alias IP addresses to their > loopback interface rather than their Ethernet interface. Is their any > benefit/detriment to doing this? Here's the rule I use: If the IP address you are adding is "Naturally" on the ethernet add it as an alias to the Ethernet interface. If the IP address is on a different subnet than the Ethernet, add it as an alias on the loopback. For example, let's say you're doing web hosting. For a small number of hosts, you might just want to use some unused addresses on your ethernet. For example if your ethernet is the subnet 192.168.1.0/24 (the entire class c) then, you could utilize any of the unused addresses from 192.168.1.1 through 192.168.1.254 as a "alias" interface address. In this case, you would add them to the Ethernet interface. On the other hand, if you are going to be doing a lot of web hosting (or more simply put, more than the ethernet subnet has available) then you probably want to set aside another block just for web addresses. For example, 192.168.2.0/24. In this case, you would add the addresses to the Loopback interface. You will also need to add either a host or a subnet route to your router pointing to the ethernet interface on your box. For example, my main box is configured as follows: bash$ ifconfig -a ed1: flags=8a43 mtu 1500 inet 206.127.77.89 netmask 0xfffffff0 broadcast 206.127.77.95 inet 206.127.77.81 netmask 0xfffffff0 broadcast 206.127.77.81 inet 206.127.77.91 netmask 0xfffffff0 broadcast 206.127.77.91 ether 00:00:1b:3c:a5:cc lp0: flags=8810 mtu 1500 tun0: flags=8010 mtu 1500 lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet 206.127.77.129 netmask 0xffffffff inet 206.127.77.130 netmask 0xffffffff inet 206.127.77.131 netmask 0xffffffff inet 206.127.77.132 netmask 0xffffffff inet 206.127.77.133 netmask 0xffffffff inet 206.127.77.138 netmask 0xffffffff inet 206.127.77.139 netmask 0xffffffff inet 206.127.77.140 netmask 0xffffffff inet 206.127.77.141 netmask 0xffffffff inet 206.127.77.142 netmask 0xffffffff You could argue what the netmask should be in each case, but I generally use the same netmask as the ethernet interface on the aliases added to the ethernet, and a "host" netmask of 0xffffffff on the loopback interface. Not to confuse the issue, but I believe that if you add an address to the loopback out of the range on the ethernet you also need to do some proxy-arp configuration (at least you used to). This is the real reason you should add the "ethernet" to the ethernet. Conversely, if you add "loopback" addresses to the ethernet, depending on the subnet and the state of the ip forwarding flag in the kernel, you may have interesting routing problems such as the machine trying to send packets for the subnet but not on the localhost out the ethernet. (This last paragraph is oversimplified- If you'd like a more technically accurate description, e-mail me privately). - Forrest W. Christian (forrestc@imach.com) KD7EHZ ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message