Date: Wed, 29 Jan 2003 20:11:34 -0800
From: Eric Hall
To: Dave Cornejo
Cc: freebsd-net@freebsd.org
Subject: Re: unique routing problem

On Wed, Jan 29, 2003 at 02:07:32PM -0800, Dave Cornejo wrote:
> Hi,
>
> I've got a unique routing problem:
>
> local network is 192.168.1.0/24
>
>                   192.168.1.4
>                        |
>                        |
> 192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>                        |
>                        |
>                   192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
>    exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2.  If it
> needs to connect to .4 or .2 it can do that directly.  To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic.  But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.
>

I don't think that routing is going to solve your problem (at least
from my take of your description). Filtering, most likely IP level
filtering, is where I think you'll need to work.

If you have a filtering (IP level) ethernet switch/router that you can
easily control (SNMP will work, but I wouldn't recommend it), that
might solve your problem. Segregating the various host types into
different networks, preferably physically (i.e. not using VLANs), and
using a filtering router (or a bridge as you've outlined the network
above) should work well.

A more detailed description of the problem you're trying to solve, in
particular the physical and logical topology of the network involved
(and how much you can change it to meet the goals) will help in
developing a solution.

-eric
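Added example, not part of the original thread: a Python model of the forwarding decision the question asks for on host .1, using longest-prefix match so that a /32 route via .2 overrides the connected /24. The function names and the 203.0.113.9 test address are assumptions made for illustration; the model only selects a next hop and does not enforce rule 1, which is what the filtering suggested in the reply is for.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # local network from the post
GATEWAY = ipaddress.ip_address("192.168.1.2")  # .2, may talk to any host


def build_table(direct_peers, known_hosts, gateway=GATEWAY, lan=LAN):
    """Return [(network, next_hop)] for one host; next_hop None = on-link.

    Every known LAN host that is not a direct peer gets a /32 route via
    the gateway, which overrides the connected /24 by prefix length.
    (Hypothetical helper, written for this example.)
    """
    direct = {ipaddress.ip_address(p) for p in direct_peers} | {gateway}
    table = [(lan, None), (ipaddress.ip_network("0.0.0.0/0"), gateway)]
    for host in map(ipaddress.ip_address, known_hosts):
        if host in lan and host not in direct:
            table.append((ipaddress.ip_network(f"{host}/32"), gateway))
    return table


def next_hop(table, dst):
    """Longest-prefix match; returns the address the frame is sent to."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop


if __name__ == "__main__":
    # Constructed sample: the three other LAN hosts from the diagram,
    # plus one off-link address from a documentation range.
    hosts = ["192.168.1.2", "192.168.1.3", "192.168.1.4"]
    table = build_table(direct_peers=["192.168.1.4"], known_hosts=hosts)
    for dst in hosts + ["203.0.113.9"]:
        print(dst, "->", next_hop(table, dst))
```

When the set of direct peers changes, rebuilding the table with the new set adds or drops the corresponding /32 entries.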