From owner-freebsd-questions@FreeBSD.ORG Mon Jun 21 20:33:43 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9EA0516A4CF for ; Mon, 21 Jun 2004 20:33:43 +0000 (GMT) Received: from pursued-with.net (adsl-66-125-9-244.dsl.sndg02.pacbell.net [66.125.9.244]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EA3043D2D for ; Mon, 21 Jun 2004 20:33:43 +0000 (GMT) (envelope-from freebsd@pursued-with.net) Received: from babelfish.pursued-with.net (babelfish.pursued-with.net [10.0.0.42]) by pursued-with.net (Postfix) with ESMTP id 160561A22AC; Mon, 21 Jun 2004 13:34:56 -0700 (PDT) Date: Mon, 21 Jun 2004 13:34:56 -0700 (PDT) From: Kevin Stevens To: John Lee , freebsd-questions@freebsd.org In-Reply-To: <4E165AB1-C212-11D8-91AC-000A95D7C3C6@pursued-with.net> Message-ID: References: <005f01c455fe$f01bbba0$fa10fea9@astral> <4E165AB1-C212-11D8-91AC-000A95D7C3C6@pursued-with.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: blocking internally X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd@pursued-with.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jun 2004 20:33:43 -0000 Was there any followup on this, John? -- KeS On Sat, 19 Jun 2004, Kevin Stevens wrote: > > On Jun 19, 2004, at 06:11, John Lee wrote: > > > hi, i have 7 ips on one box, however they can't connect internally > > to each other IP ports. please advise. > > Counting below, you only reference 6 IP addresses on the box: > 63.223.65.192, 63.223.65.193, 63.223.71.2, 63.223.71.3, 63.223.71.4, > and 63.223.71.5. What's the seventh one? > > > here's my setup: > > > > rc.conf: > > defaultrouter="63.223.65.1" > > ifconfig_sis0="inet 63.223.65.192 netmask 255.255.255.0" > > > > /etc/ips.added: > > ifconfig sis0 inet 63.223.65.193/32 alias > > Ok. BTW, these statements indicate that you own an entire class C of > public address space. That seems unlikely, and if it's not the case, > you shouldn't be using the addresses. > > > ifconfig sis0 inet 63.223.71.2/32 alias > > ifconfig sis0 inet 63.223.71.3/32 alias > > ifconfig sis0 inet 63.223.71.4/32 alias > > ifconfig sis0 inet 63.223.71.5/32 alias > > Problem here. These addresses are not in the same subnet as the > primary address (63.223.65.0/24). Therefore you shouldn't use a /32 > for them, you should use the actual netmask. This is definitely true > for the FIRST 63.223.71.x address, and I *think* it's true for the > others as well. I've never actually seen an example of assigning > multiple IPs for a second subnet under FreeBSD. > > > route add 63.223.65.193 63.223.65.1 > > This is broken. You're saying "route any traffic this host is sending, > destined for itself, to an external gateway". I really doubt you want > to do that. > > > route add 63.223.71.2 63.223.71.1 > > route add 63.223.71.3 63.223.71.1 > > route add 63.223.71.4 63.223.71.1 > > route add 63.223.71.5 63.223.71.1 > > Again broken, for the same reasons. You don't normally enter routing > statements for your OWN IP addresses, you enter routing statements that > describe how to reach OTHER addresses/networks. > > KeS > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >