3 NICs - 1 upstream, 2 downstream to same subnet??

• Previous message: Artur Meski: "Re: strange connection attempts with 182.5.5.8."
• Next in thread: Charles Swiger: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Reply: Charles Swiger: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Reply: Nickolay A. Kritsky: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 02 Sep 2004 14:17:37 -0400
To: freebsd-net@freebsd.org

Hello All;
 Here is the puzzle

Config : 5.1-Release
3 xl interfaces xl0, xl1, xl2

I am trying to make a configuration to isolate the WiFi APs on a single
segment. DHCP hands out 'good' addresses (10.0.0.x) to MACs it
recognizes and 'bad' (10.99.0.x) when the MAC does not match and is
taken from the common pool.
I then will use ipfw to block the trespassers, but do a bit of data
collection at the same time. I don't expect much bad traffic here since
WEP will keep out the casual. Just a defense-in-depth thing.

I have the upstream interface on xl2 no problem;
I want to have 2 segments of 10.0.0.0/8 on xl0 and xl1

--pseudo commands)--

ifconfig xl2 inet 198.162.1.1
//upstream router
ifconfig xl1 inet 10.0.0.254 netmask 255.0.0.0 // this box =
default router + all wired machines
ifconfig xl0 inet 10.?.?.? netmask 255.0.0.0 // Wifi AP
segment + all wifi connections

--ipfw--
  deny ip from 10.99.0.0/16 to any in via xl0 // block trespassers

?? Is this possible?
?? What sort of ip address should xl0 have. When I gave it a 10.99.0.0
255.0.0.0 address, the netstat -rn said all 10 traffic was on xl0, whicj
was not true.
?? Will the OS route traffic comming in on xl0 (with good ips) throug
the stacks to xl1 and then on to xl0 for external traffic.
?? Will this act as a switch (mac specific) or a hub (broadcast mode).

  I have had problems with multiple interfaces if this type (xl). I
found that I had to insure all interfaces were down as each one was
configured. If another xl interface is up, an error message is returned
about an existing file.

Rip Toren

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Artur Meski: "Re: strange connection attempts with 182.5.5.8."
• Next in thread: Charles Swiger: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Reply: Charles Swiger: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Reply: Nickolay A. Kritsky: "Re: 3 NICs - 1 upstream, 2 downstream to same subnet??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: 3 NICs - 1 upstream, 2 downstream to same subnet?? ... On Sep 2, 2004, at 2:17 PM, rip wrote: ... > I am trying to make a configuration to isolate the WiFi APs on a ... (freebsd-net) RE: [fw-wiz] Multiple small switches vs. a single big one; Granularity of control ... Can anyone with some good Cisco depth rebut these assumptions about a 6500-series switch "losing it's configuration?" ... >> separate switches, each segment can talk freely to all other servers ... >> on the segment but not outside, since the FW watches that route. ... (Firewall-Wizards) Re: Griffin Wants Inline SDLV and 5 Segment SRB/CEV ... Much less a *flight.* ... How hard could it be to insert an additional segment in an SRB? ... any reason to change the propellant configuration from the one used for the ... If the thrust profile of the existing SRM is adequate for the stick ... (sci.space.policy)