Date: Thu, 18 Feb 2010 06:31:55 +0100
From: Christian Ullrich <chris@chrullrich.net>
To: freebsd-net@freebsd.org
Subject: Re: Routing into overlapping subnets
Message-ID: <4B7CD0CB.4080105@chrullrich.net>
In-Reply-To: <4B7CA72A.4050202@ibctech.ca>
References: <4B7C62AF.6000904@chrullrich.net> <4B7CA72A.4050202@ibctech.ca>

* Steve Bertrand wrote:

> On 2010.02.17 16:42, Christian Ullrich wrote:
>> send the packet. Why doesn't the kernel look up an ARP table entry by
>> both IP address and interface?
>
> That's not how the protocols were designed, and thankfully so. Imagine
> the potential for spoofing if this were allowed by default ;)

You're right, of course. I had not considered that.

> I have a couple of ideas, but need to understand better of your setup.
> Advise if this seems semi-accurate:
>
> - you house global resources for a bunch of clients at a central location
> - you have limited public IP addresses to do this with, or your central
>   location is located within the same 'building' as all of the clients

The latter.

> - you have several clients with overlapping 1918 space
> - you need a method to have two instances of eg 192.168.1.110 accessing
>   a single central resource, but which will be coming in on two separate
>   interfaces (physical or virtual)
> - the central services (ie printer) doesn't have the capability to house
>   more than a single IPv4 address
> - you do not want to be open to the potential for one client accessing
>   the others networks
> - you have absolute control over the pf box
>
> is this right?

Exactly right.

-- 
Christian