Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Feb 2010 22:42:07 +0100
From:      Christian Ullrich <chris@chrullrich.net>
To:        freebsd-net@freebsd.org
Subject:   Routing into overlapping subnets
Message-ID:  <4B7C62AF.6000904@chrullrich.net>

next in thread | raw e-mail | index | archive | help
Hello all,

I'm having a routing problem I can't wrap my head around. Consider this 
situation: I want to provide some common resources (printers etc.) to a 
number of clients in separate networks. They each have their own 
physical network, and these networks are supposed to stay isolated, with 
the exception of what I'm trying to set up. I have no control over the 
IP addressing used by the clients, except that it's all RFC1918, but as 
far as I know, they are all using the same addresses.

What I thought would work was this: On a central switch, set up one VLAN 
per client network and ensure that the switch only forwards between the 
port assigned to the client and one (trunk) port where I put my router. 
On the router, create the required VLAN interfaces and put the "public" 
addresses for my printers on them (one in each RFC1918 net, but the same 
on each VLAN), then use pf to NAT the destination for packets coming in 
on each VLAN to the actual printers, and use "reply-to" to make sure the 
responses go out through the same interface.

Now I'm stuck. With one client, that works fine, but when I add another 
one (different interface, same client address), the packets are dropped 
and dmesg shows lots of "arpresolve: can't allocate llinfo for (client 
address)". I suppose that's because there is already an ARP entry for 
that IP address, and the kernel cannot add another one.

If that's true, here's what I don't understand: When the time comes to 
resolve IP addresses to hardware addresses, the kernel has already 
routed the packet to an outgoing interface, so it should be enough to 
consider the ARP entries associated with that interface to know where to 
send the packet. Why doesn't the kernel look up an ARP table entry by 
both IP address and interface?

Is there anything I can do to make this work? It's not an everyday 
setup, I know, but I'd really like to make it work.

Thanks for any help.

-- 
Christian



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B7C62AF.6000904>