Date: Wed, 13 Sep 2000 20:56:14 -0700
From: Caleb Walker <cwalker@cwalk.org>
To: "Ronald F. Guilmette" <rfg@monkeys.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Help! Configuring for two IP addresses => one interface, and NATD
Message-ID: <0009132056520H.00250@butthead.walker>
In-Reply-To: <983.968903225@monkeys.com>
References: <983.968903225@monkeys.com>

-----BEGIN PGP SIGNED MESSAGE-----

What is your subnet mask for this 63. class address?

On Wed, 13 Sep 2000, Ronald F. Guilmette wrote:
#If I could get a bit of guidance here, I'd really appreciate it.
#
#Here's the situation...
#
#I have a small local network which is connected to the net via a DSL line.
#Up until today, I had exactly _one_ static IP address which my ISP had
#allocated to my DSL line. As of today however, I now have _two_ static
#IP addresses for my DSL line.
#
#I have one machine (running FreeBSD, of course) which is directly connected
#to the DSL line. The machine in question serves as both a server (e.g. web,
#mail, and name service) and also does double duty as a firewall.
#
#This machine has two ethernet cards on it... one connected to the DSL line
#and another which goes out to a small ethernet hub to which the rest of my
#local network is connected.
#
#This machine (the server/firewall machine) has all of the necessary stuff
#compiled into the kernel to support both ipfw (firewall stuff) and also
#the NATD stuff. And I *am* using both ipfw and natd.
#
#I've previously setup a rather elaborate set of firewall rules (for ipfw)
#for this machine, and those have been working well. All non-suspicious
#packets can get in and out with no problems, and I am well and properly
#alerted whenever suspicious activity from outside comes in. (I adjusted
#those rules, of course, to make all necessary allowances for my new, second
#static IP address.)
#
#Anyway, I have been working on an experimental special-purpose name server
#and I needed another IP address to run that on, so today I requested and
#obtained a second IP address from my ISP for my DSL line. The second IP
#address has already been implemented by my ISP, and it seems to be correctly
#routed down to my DSL line, along with my original static IP address.
#
#Now comes the hard part... I need to find out *everything* that I am supposed
#to do to let the system know that I have this second IP address attached to
#the first ethernet card. I have already added the following statement into
#my /etc/rc.conf file (to make sure my new IP was ifconfig'd for the primary
#ethernet card):
#
#ifconfig_xl0_alias0="inet 63.92.26.217 netmask 255.255.255.0"
#
#Then I rebooted. After this, "ifconfig -a" showed both IP addresses (new and
#old) properly associated with my primary ethernet card. No problem. Great.
#
#Then I tried just pinging the new IP address from the server/firewall
#machine itself and nothing happened. It just sat there. But I found that
#I *could* ping the new address from *other* machines elsewhere on the
#Internet. Hummm.... This can't be right!
#
#Now, I'm not going to be doing a whole lot of pinging of this machine from
#itself, so this isn't TOO worrisome, but I just feel that the fact that I
#cannot ping the second IP address from this very same machine indicates that
#I am most certainly doing something wrong. There is obviously something
#else that I need to do, but what? I have no idea.
#
#I think that the main problem here is that I'm pretty damn ignorant about things
#like routing and arp and stuff like that.
#
#I played around with both arp and /sbin/route for awhile, and I found a
#couple of different ways to ``cure'' the ``no ping response'' problem,
#but which of these is the ``correct'' solution? I have no idea. I'm
#getting lost in a twisty maze of different route options, all different.
#
#If anybody can help get me unconfused, please do.
#
#Here's the output of `netstat -n -r' right after a reboot. Note that my
#old static IP address is 63.92.26.236. My new one is 63.92.26.217. The
#ethernet card that faces outward towards my DSL line is `xl0' and the one
#that faces inward towards my (natd serviced) local network (192.168/16)
#is called `rl0'. The IP address of my ISP's end of the DSL line is
#63.92.26.254.
#
#Why, oh why isn't FreeBSD smart enough to setup *any* sort of a route for
#my second IP address? Eh? I mean hey! I already ifconfig'd it properly
#and everything! (Grumble, grumble.)
#
#If anyone can educate me, please do. Please be sure to include
#<rfg@monkeys.com> in the recipient list of your reply. Thanks.
#
#
#-----------------------------------------------------------------------
#Routing tables
#
#Internet:
#Destination        Gateway            Flags     Refs     Use     Netif Expire
#default            63.92.26.254       UGSc       215   23628      xl0
#63.92.26/24        link#1             UC           0       0      xl0
#63.92.26.236       0:50:da:71:81:87   UHLW        10   17005      lo0
#63.92.26.254       0:30:19:4c:80:b2   UHLW       214      74      xl0   1144
#127.0.0.1          127.0.0.1          UH           1      10      lo0
#192.168/16         link#2             UC           0       0      rl0
#192.168.1.14       0:10:4b:68:be:11   UHLW         1      36      rl0    508
#192.168.254.254    link#2             UHLW         0       8      rl0
#
#
#To Unsubscribe: send mail to majordomo@FreeBSD.org
#with "unsubscribe freebsd-questions" in the body of the message

--
Thank You,
Caleb Walker
(310) 519-8359
(310) 753-8668
http://www.cwalk.org
Get my pgp public key by fingering cwalker@cwalk.org

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: ee8RayM5yGDo4c/kleZ88btbyYPrP4La

iQA/AwUBOcBMhB7u1vJ5ZVWEEQLgbwCgzmELdyIpA1eIWODkAS1yMzuIWHwAnim0
JHAZruk0V72D+zt7D3+Q0vdG
=h0la
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message