From: Kevin Stevens
Date: Sat, 19 Jun 2004 10:01:28 -0700
To: John Lee
Cc: freebsd-questions@freebsd.org
Subject: Re: blocking internally

On Jun 19, 2004, at 06:11, John Lee wrote:

> hi, i have 7 ips on one box, however they can't connect internally
> to each other IP ports. please advise.

Counting below, you only reference 6 IP addresses on the box: 63.223.65.192, 63.223.65.193, 63.223.71.2, 63.223.71.3, 63.223.71.4, and 63.223.71.5. What's the seventh one?

> here's my setup:
>
> rc.conf:
> defaultrouter="63.223.65.1"
> ifconfig_sis0="inet 63.223.65.192 netmask 255.255.255.0"
>
> /etc/ips.added:
> ifconfig sis0 inet 63.223.65.193/32 alias

Ok. BTW, these statements indicate that you own an entire class C of public address space. That seems unlikely, and if it's not the case, you shouldn't be using the addresses.

> ifconfig sis0 inet 63.223.71.2/32 alias
> ifconfig sis0 inet 63.223.71.3/32 alias
> ifconfig sis0 inet 63.223.71.4/32 alias
> ifconfig sis0 inet 63.223.71.5/32 alias

Problem here. These addresses are not in the same subnet as the primary address (63.223.65.0/24). Therefore you shouldn't use a /32 for them, you should use the actual netmask. This is definitely true for the FIRST 63.223.71.x address, and I *think* it's true for the others as well. I've never actually seen an example of assigning multiple IPs for a second subnet under FreeBSD.

> route add 63.223.65.193 63.223.65.1

This is broken. You're saying "route any traffic this host is sending, destined for itself, to an external gateway". I really doubt you want to do that.

> route add 63.223.71.2 63.223.71.1
> route add 63.223.71.3 63.223.71.1
> route add 63.223.71.4 63.223.71.1
> route add 63.223.71.5 63.223.71.1

Again broken, for the same reasons. You don't normally enter routing statements for your OWN IP addresses, you enter routing statements that describe how to reach OTHER addresses/networks.

KeS
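
The two problems raised in the reply above can be checked mechanically; the following is an added example, not part of the original message. It parses the quoted `ifconfig ... alias` and `route add` lines (embedded as constructed input) and reports /32 aliases whose subnet no address on the interface covers, and host routes whose destination is one of the box's own addresses. The function name `audit` and the rule that a /32 alias is only flagged when no wider netmask on the interface covers it are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the rc.conf address and the lines quoted in the thread.
PRIMARY = "63.223.65.192/255.255.255.0"
CONFIG = """\
ifconfig sis0 inet 63.223.65.193/32 alias
ifconfig sis0 inet 63.223.71.2/32 alias
ifconfig sis0 inet 63.223.71.3/32 alias
ifconfig sis0 inet 63.223.71.4/32 alias
ifconfig sis0 inet 63.223.71.5/32 alias
route add 63.223.65.193 63.223.65.1
route add 63.223.71.2 63.223.71.1
route add 63.223.71.3 63.223.71.1
route add 63.223.71.4 63.223.71.1
route add 63.223.71.5 63.223.71.1
"""

def audit(primary, config):
    """Return (uncovered_aliases, self_routes) for a single interface."""
    ifaces = [ipaddress.ip_interface(primary)]
    routes = []
    for line in config.splitlines():
        m = re.match(r"\s*ifconfig\s+\S+\s+inet\s+(\S+)\s+alias", line)
        if m:
            ifaces.append(ipaddress.ip_interface(m.group(1)))
            continue
        m = re.match(r"\s*route\s+add\s+(\S+)\s+(\S+)", line)
        if m:
            routes.append((ipaddress.ip_address(m.group(1)),
                           ipaddress.ip_address(m.group(2))))
    # Subnets that at least one address carries with its real (non-/32) mask.
    real_nets = [i.network for i in ifaces if i.network.prefixlen < 32]
    # /32 aliases that fall outside every such subnet.
    uncovered = [str(i.ip) for i in ifaces
                 if i.network.prefixlen == 32
                 and not any(i.ip in n for n in real_nets)]
    # Routes whose destination is one of this host's own addresses.
    local = {i.ip for i in ifaces}
    self_routes = [(str(d), str(g)) for d, g in routes if d in local]
    return uncovered, self_routes

if __name__ == "__main__":
    uncovered, self_routes = audit(PRIMARY, CONFIG)
    for ip in uncovered:
        print(f"alias {ip}/32: no address on the interface covers its subnet")
    for dst, gw in self_routes:
        print(f"route add {dst} {gw}: destination is a local address")
```
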