From: Daniel Feenberg
Date: Tue, 21 Jun 2011 07:12:27 -0400 (EDT)
To: Martin McCormick
Cc: freebsd-questions@freebsd.org
Subject: Re: Two Networks on one System

On Mon, 20 Jun 2011, Martin McCormick wrote:

> I would like to say that I got it working, but after
> looking at the dual-homed host section of the Handbook, I am
> still stuck. A Google search turned up a thread from a couple of
> years ago that almost echoed my exact words. We've got a system
> with network interfaces on two disjointed networks. No routing
> is desired, but we very much want for both interfaces to be
> accessible from the world so each interface has to know about
> its nearest gateway just as the primary interface knows about
> the default route. What one seems to always be able to do is get
> the primary up and talking to the world with no real trouble.
> The secondary is on its network and you can log in from another
> host on the same subnet but you can never see it from the world,
> at large.
>

Several thoughts:

(1) Are you sure the 2nd network is working? Can you test it without the
complication of dual interfaces?

(2) Without very special software, the interface for outbound packets is
determined exclusively by the destination address, with no influence by
the address of the incoming packet to that process. So when you log in via
interface B, the return packets will likely come from interface A. Is
there a firewall or router configured to restrict those outgoing packets?

(3) The FreeBSD part of this "should just work". If you just use
sysinstall to install the second interface, that should be enough, no
other configuration is required. I would look at network devices for the
source of the problem.

(4) Section 31.2 of the Handbook is entirely about using the FreeBSD box
as a gateway or router to connect the two networks. I don't think you want
to do that. They don't have a section on having a FreeBSD box belong to
two networks, and not route between them, perhaps because it doesn't
require any additional configuration. See (3) above.

Daniel Feenberg
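
Point (2) above, modelled as an added example that is not part of the original message: a small Python sketch of destination-only route selection on a dual-homed host, showing why a login via the second interface works from its own subnet but fails from elsewhere when an upstream device restricts outgoing packets. The addresses (RFC 5737 documentation ranges), the interface names ifA/ifB and the gateway filter rule are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing (RFC 5737 documentation ranges), not from the thread.
IF_A = {"name": "ifA", "addr": ip.ip_address("192.0.2.10"),
        "net": ip.ip_network("192.0.2.0/24")}
IF_B = {"name": "ifB", "addr": ip.ip_address("198.51.100.10"),
        "net": ip.ip_network("198.51.100.0/24")}

# Routing table of the dual-homed host: two connected routes, default via A.
ROUTES = [
    (IF_A["net"], IF_A),
    (IF_B["net"], IF_B),
    (ip.ip_network("0.0.0.0/0"), IF_A),
]

def egress_interface(dst):
    """Longest-prefix match on the destination only; the source is never consulted."""
    matches = [(net, iface) for net, iface in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def gateway_forwards(iface, src, dst):
    """Hypothetical upstream filter: on-link traffic needs no gateway; otherwise
    the gateway forwards only packets sourced from its own subnet."""
    return dst in iface["net"] or src in iface["net"]

def reply_path(client, reached_on):
    """Trace the reply to a client that connected to the address of `reached_on`."""
    src = reached_on["addr"]        # reply carries the address the client used
    out = egress_interface(client)  # but leaves wherever the destination route points
    return {"out": out["name"],
            "asymmetric": out is not reached_on,
            "delivered": gateway_forwards(out, src, client)}

def demo():
    local = ip.ip_address("198.51.100.77")  # constructed host on B's subnet
    world = ip.ip_address("203.0.113.7")    # constructed host elsewhere
    return {
        "local->B": reply_path(local, IF_B),
        "world->A": reply_path(world, IF_A),
        "world->B": reply_path(world, IF_B),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Only the "world->B" case is asymmetric: the reply carries interface B's address but leaves through interface A, so whether it arrives depends entirely on what the devices beyond A do with a source address from the other network.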