From owner-freebsd-net@FreeBSD.ORG Thu Feb 18 05:31:56 2010
Message-ID: <4B7CD0CB.4080105@chrullrich.net>
Date: Thu, 18 Feb 2010 06:31:55 +0100
From: Christian Ullrich <chris@chrullrich.net>
To: freebsd-net@freebsd.org
References: <4B7C62AF.6000904@chrullrich.net> <4B7CA72A.4050202@ibctech.ca>
In-Reply-To: <4B7CA72A.4050202@ibctech.ca>
Subject: Re: Routing into overlapping subnets
List-Id: Networking and TCP/IP with FreeBSD

* Steve Bertrand wrote:

> On 2010.02.17 16:42, Christian Ullrich wrote:
>> send the packet. Why doesn't the kernel look up an ARP table entry by
>> both IP address and interface?
>
> That's not how the protocols were designed, and thankfully so. Imagine
> the potential for spoofing if this were allowed by default ;)

You're right, of course. I had not considered that.

> I have a couple of ideas, but need to understand your setup better.
> Advise if this seems semi-accurate:
>
> - you house global resources for a bunch of clients at a central location
> - you have limited public IP addresses to do this with, or your central
>   location is located within the same 'building' as all of the clients

The latter.

> - you have several clients with overlapping 1918 space
> - you need a method to have two instances of eg 192.168.1.110 accessing
>   a single central resource, but which will be coming in on two separate
>   interfaces (physical or virtual)
> - the central service (ie printer) doesn't have the capability to house
>   more than a single IPv4 address
> - you do not want to be open to the potential for one client accessing
>   the others' networks
> - you have absolute control over the pf box
>
> is this right?

Exactly right.

-- 
Christian