Date: Wed, 23 Aug 2000 00:31:11 -0700
From: "Larry Skarpness Jr." <larry@chainsoft.com>
To: "Emmanuel Gravel" <egravel@earthlink.net>
Cc: "Crist J . Clark" <cjclark@reflexnet.net>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: ARP issues with 2 or more multi-homed interfaces on same physical LAN
Message-ID: <001e01c00cd4$1d046040$0a00a8c0@chainsoft.com>
References: <Pine.BSF.4.10.10008220246190.2305-100000@parmenides.utp.net> <200008220514.WAA24408@avocet.prod.itd.earthlink.net> <200008230226.TAA23956@falcon.prod.itd.earthlink.net>

O.K. I've spent some time thinking about this, and finally saw the light.
So, I've multi-homed the 2 cable IPs onto one NIC, and static NAT'd one of
them back to the other host on the private net. I agree that this is a much
better solution. Thanks for your persistence.

----- Original Message -----
From: "Emmanuel Gravel" <egravel@earthlink.net>
To: "Larry Skarpness Jr." <larry@chainsoft.com>
Sent: Tuesday, August 22, 2000 7:31 PM
Subject: Re: ARP issues with 2 or more multi-homed interfaces on same physical LAN

> There's one thing you're not understanding. One way or another, your
> FreeBSD system is the gate between your network and the outside
> world. Your cable modem doesn't exist for your other systems, so there's
> no reason to have them all on the same physical network (i.e. the hub).
> Even, it should be reason enough to keep them physically separate.
> Up to now, nothing here really answers what you said (to your liking
> anyway since I was the second person to tell you this).
>
> Now, you don't need to buy an extra hub to get the cable modem
> connected to your system. What you need is a cross-over cable.
> Something of a "null hub". You should have gotten one when you
> got your cable modem installed. Essentially, this cable won't work
> on the hub, since its transmit and receive lines are crossed. So
> you get a setup which looks kinda like this:
>
>  _________    _______    _________    ________
> |         |  |       |  |         |  |        |
> |  Sys 1  |--|  Hub  |--|  Sys 2  |--|  C.M.  |
> |         |  |       |  |         |  |        |
>  ---------    -------    ---------    --------
>
> (I hope you're using straight ASCII because this looks horrible in
> Eudora).
>
> This setup will give you a boost in network performance. If security
> isn't a concern to you, performance should. Keeping networks
> physically separated is a GOOD thing. Any OS powerful enough
> to be dual homed will complain if it sees packets destined for one
> interface anywhere near the second interface. The whole objective
> of having two interfaces describing two different networks is to have
> two separate networks, in all means possible, including a different
> "hub" of some kind. If you really want to keep them all on the same
> "bus" get a switch. It'll stop complaining altogether and give you
> the same performance results, or better. But even there I'd still keep
> things very separate. Most everybody else on this list would too.
> Why? It just goes with the philosophy of having two networks bridged
> by a system (in this case acting as a router). Anything else just
> isn't "kosher".
>
> Hope this answers your concerns a little more :)
>
> At 10:18 AM 8/22/00 -0700, you wrote:
> >OK. I'm getting some great responses here. I appreciate the effort. Let
> >me explain further.
> >
> >In this case the cable modem does not leak my private network traffic. It
> >apparently only transmits packets that it can route. It only allows the
> >IPs that my ISP has given me to connect with it. I can actually verify this
> >by watching the transmit LED, and it does not light during private network
> >activity. I've also never seen anyone else's private network packets come
> >across.
> >
> >Remember that I must connect TWO different machines via the same cable
> >modem, and the only way to do this is with a hub. These same two machines
> >must also be on the private net. I did start out with just NICA in Machine
> >1 (FreeBSD), but then my Firewall and NAT did not work properly (or was
> >exceedingly complex to deal with) because of issues being on the same
> >interface. So I abandoned that fiasco and went to the two NIC
> >configuration.
> >
> >I could buy another hub, and could even put another NIC in machine 2. Then
> >my private could be physically separated from the public nets. But that
> >seems like overkill. The cable modem is already logically filtering the
> >private network out. I'm currently only connecting 3 machines. For its
> >intended purposes this configuration is not causing a security problem or
> >performance problem. The current network capacity (including any overhead
> >incurred on all machines) is completely underutilized.
> >
> >Would it be reasonable for an OS to handle this configuration without a
> >constant stream of complaints?
> >

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message