From owner-freebsd-net Fri May 10 1:44:26 2002 Delivered-To: freebsd-net@freebsd.org Received: from mailout.informatik.tu-muenchen.de (mailout.informatik.tu-muenchen.de [131.159.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 8E26737B40B for ; Fri, 10 May 2002 01:44:20 -0700 (PDT) Received: from mailrelay1.informatik.tu-muenchen.de (mailrelay1.informatik.tu-muenchen.de [131.159.254.5]) by mailout.informatik.tu-muenchen.de (Postfix) with ESMTP id E39DC6247; Fri, 10 May 2002 10:44:19 +0200 (MEST) Received: from atrbg11.informatik.tu-muenchen.de (atrbg11.informatik.tu-muenchen.de [131.159.24.91]) by mailrelay1.informatik.tu-muenchen.de (Postfix) with ESMTP id D09857942; Fri, 10 May 2002 10:44:19 +0200 (MEST) Received: by atrbg11.informatik.tu-muenchen.de (Postfix, from userid 20455) id 580F2139C8; Fri, 10 May 2002 10:44:19 +0200 (CEST) Date: Fri, 10 May 2002 10:44:19 +0200 From: Daniel Lang To: Nick Rogness Cc: freebsd-net@FreeBSD.ORG Subject: Re: Multiple NICs on the same subnet Message-ID: <20020510084419.GE33751@atrbg11.informatik.tu-muenchen.de> References: <20020509203930.GA32900@atrbg11.informatik.tu-muenchen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-Geek: GCS/CC d-- s: a- C++$ UBS++++$ P+++$ L- E-(---) W+++(--) N++ o K w--- O? M? V? PS+(++) PE--(+) Y+ PGP+ t++ 5+++ X R+(-) tv+ b+ DI++ D++ G++ e+++ h---(-) r++>+++ y+ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Nick, Nick Rogness wrote on Thu, May 09, 2002 at 05:28:13PM -0500: [..] > The problem you are having is not an alias problem but a routing > one. Packets come in to your alias on the proper interface but > when the reply packet gets sent it uses the default route which > goes out your default route. ^^^^^ interface I assume. Yes, true, that is probably the case. Looking at my routing tables, this makes sense. > In other words, packets that arrive inbound on an interface will > not necessarily leave that same interface on the outbound reply, > if it doesn't have a route to that network via that > interface. Instead, it leaves through the default gateway > interface (because of the default route). I see. > The best way to handle this is with ipfw fwd. Basically you > forward packets trying to leave the default gateway with the > aliased address of a different interface out the right interface. > > For example: > > xl0 --> alias= 1.1.1.1/32 , (default gateway out this interface) > xl1 --> alias= 1.1.1.2/32 > lge0 --> alias= 1.1.1.3/32 > > ipfw ruleset: > > # FOrward packets properly > ipfw fwd $IP_OF_NEXT_HOP_xl1 ip from 1.1.1.2/32 to any out via xl0 > ipfw fwd $IP_OF_NEXT_HOP_lge0 ip from 1.1.1.3/32 to any out via xl0 > . . . [rest of firewall] . . . Hmmm hm hm hm :-) May work. I can try it... I hope the additional forwarding code does not slow things down too much, but I guess not. > You will need your kernel build with 'options IPFIREWALL_FORWARD'. Ok thanks. Is that option set on building the ipfw.ko ? Anyway I try it. Maybe ipfilter works alike. > > This would not be that much of a problem so far. The problem really > > showed up, when it seemed like the Gigabit interface did not seem to > > work as expected. A couple of possible problems may be the cause, > > symptoms beeing "lge0: watchdog timeout" messages (which may be due to > > hardware/cabling problems), "sendto: no buffer space availble" > > messages (no idea where this comes from, any hints appreaciated, > > kern.ipc.nmbclusters and kern.maxusers etc, are bumped enough and did > > not max out (according to netstat -m)). > > This is another problem altogether. Yes. Any hints or suggestsion? I've got kern.maxuser=768 and kern.ipc.nmbcluster=32768 now. Maybe that solves it... [..] Thanks a lot for your help. Best regards, Daniel -- IRCnet: Mr-Spock - signs of absurd developments in the net community: #42: - "Wurstbrot gehoert m.E. zum Fruehstuecks-botnet von Cartoon" - *Daniel Lang * dl@leo.org * +49 89 289 25735 * http://www.leo.org/~dl/* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message