Date: Fri, 9 Feb 2007 23:02:40 +0300
From: Yar Tikhiy <yar@comp.chem.msu.su>
To: freebsd-net@freebsd.org
Subject: Re: Bridging with two subnets
Message-ID: <20070209200240.GI31439@comp.chem.msu.su>
In-Reply-To: <45C9BC01.5010803@netfence.it>
References: <45C9BC01.5010803@netfence.it>

On Wed, Feb 07, 2007 at 12:46:09PM +0100, Andrea Venturoli wrote:
> Hello.
> I've got a firewall which has public IP xxx.xxx.xxx.2 on its first NIC.
> This is bridged with a second NIC which holds xxx.xxx.xxx.0/24.
> (I also have a third and fourth NIC which runs two private IP networks,
> which are NATted, but I don't think this matters).
>
> Everything is ok, but now I'm in need to also have a second public IP
> network on the second NIC, let's say yyy.yyy.yyy.0/24.
> A single upstream router provides us both public nets, but obviously
> with two different gateways (xxx.xxx.xxx.1 and yyy.yyy.yyy.1).
>
> The question is: is this possible?
>
> Do I only need to attach the additional yyy.yyy.yyy.0/24 boxes to the
> same switch?
> Do I need to ifconfig alias yyy.yyy.yyy.2 on the first NIC?
> What about the gateway then? Do I still set the first one only?
>
> My answers would be: Yes, No, Yes. I thought I'd ask, however.

My bet is Yes Yes No.

Since your firewall does bridging between the two NICs, your yyy.*
hosts attached to the second NIC should see yyy.1 transparently via
the bridge. Just make sure your ipfw doesn't filter the traffic if
you filter bridged packets.

The only little problem will be that your firewall itself will see
yyy.1 via its default route to xxx.1.

Oh, and of course your yyy.* hosts must have their default routes
set to yyy.1, not to yyy.2, which isn't there. Your xxx.* hosts'
default route is xxx.1, isn't it?

And IIRC you should assign IP addresses to the if_bridge interface
itself if you want the bridging host to participate in the bridged
network.

--
Yar