From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Date: Mon, 8 Mar 2004 18:02:21 +0000
Subject: Alias in different subnet on card
Message-ID: <20040308180221.GA19486@marvin.penguinpowered.org>

Hi all,

I'm running a firewall at the moment using FreeBSD 5.2.1 and IPFW. I have 3 interfaces in the machine. I need to be able to firewall a 4th range of IPs. I have tried to do this by adding an alias to xl1, but this hasn't worked.

If I add the alias with a mask of 255.255.255.255, no other machine can ping the alias. I also see the following in /var/log/messages:

    Mar 8 18:02:13 styx-tmp kernel: arplookup 19x.xxx.xxx.196 failed: host is not on local network

The primary IP on xl1 is currently 19x.xxx.xxx.1 and the mask on there is 255.255.255.128 (/25).

If I add the alias with a mask of 255.255.255.240 (/28), which is the correct mask for this subnet, and the mask that all other machines use, then I am able to ping this address. However, at this point, no forwarding appears to take place for machines using this IP address as their default route.

Is there any way to use an alias to do firewalling like this or do I have to get another network card? The problem with another network card is that will mean a whole new machine as I'm out of slots in this one.

Thanks in advance

-- 
Wayne Pascoe
Microsoft complaining about the source license used by Linux is like the event horizon calling the kettle black - adamba on k5