Date: Wed, 17 Feb 2010 22:42:07 +0100
From: Christian Ullrich <chris@chrullrich.net>
To: freebsd-net@freebsd.org
Subject: Routing into overlapping subnets
Message-ID: <4B7C62AF.6000904@chrullrich.net>

Hello all,

I'm having a routing problem I can't wrap my head around.

Consider this situation: I want to provide some common resources (printers etc.) to a number of clients in separate networks. They each have their own physical network, and these networks are supposed to stay isolated, with the exception of what I'm trying to set up. I have no control over the IP addressing used by the clients, except that it's all RFC1918, but as far as I know, they are all using the same addresses.

What I thought would work was this: On a central switch, set up one VLAN per client network and ensure that the switch only forwards between the port assigned to the client and one (trunk) port where I put my router. On the router, create the required VLAN interfaces and put the "public" addresses for my printers on them (one in each RFC1918 net, but the same on each VLAN), then use pf to NAT the destination for packets coming in on each VLAN to the actual printers, and use "reply-to" to make sure the responses go out through the same interface.

Now I'm stuck. With one client, that works fine, but when I add another one (different interface, same client address), the packets are dropped and dmesg shows lots of "arpresolve: can't allocate llinfo for (client address)". I suppose that's because there is already an ARP entry for that IP address, and the kernel cannot add another one.

If that's true, here's what I don't understand: When the time comes to resolve IP addresses to hardware addresses, the kernel has already routed the packet to an outgoing interface, so it should be enough to consider the ARP entries associated with that interface to know where to send the packet. Why doesn't the kernel look up an ARP table entry by both IP address and interface?

Is there anything I can do to make this work? It's not an everyday setup, I know, but I'd really like to make it work.

Thanks for any help.

-- 
Christian
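
The pf side of the design described in the message, written out as a pf.conf sketch. This is an added example, not the poster's configuration: the interface names, addresses and ports are constructed, and it uses the rdr/reply-to syntax accepted by FreeBSD's pf. It does not address the arpresolve failure reported above.

```pf
# Constructed sketch; every name, address and port below is an assumption.

client_a_if  = "vlan101"          # VLAN interface facing client network A
client_b_if  = "vlan102"          # VLAN interface facing client network B
printer_if   = "em1"              # interface facing the real printers
printer_pub  = "192.168.1.250"    # "public" printer address, same on each VLAN
printer_real = "10.99.0.10"       # actual printer address behind the router
print_ports  = "{ 515, 631, 9100 }"

# Translation: rewrite the destination separately for each ingress VLAN.
rdr on $client_a_if inet proto tcp from any to $printer_pub \
    port $print_ports -> $printer_real
rdr on $client_b_if inet proto tcp from any to $printer_pub \
    port $print_ports -> $printer_real

# Filtering: default deny, so nothing is forwarded between client VLANs.
block all

# rdr is applied before filtering, so the pass rules match the translated
# destination. reply-to ties the return traffic of each state to the VLAN
# the connection arrived on, whatever the routing table says about the
# (overlapping) client subnet.
pass in quick on $client_a_if reply-to ($client_a_if) inet proto tcp \
    from any to $printer_real port $print_ports keep state
pass in quick on $client_b_if reply-to ($client_b_if) inet proto tcp \
    from any to $printer_real port $print_ports keep state

# Let the translated connections leave toward the printer.
pass out quick on $printer_if inet proto tcp \
    from any to $printer_real port $print_ports keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -n -f <file>`.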