Alias in different subnet on card

From: Wayne Pascoe (freebsd-feb_at_penguinpowered.org)
Date: 03/08/04

  • Next message: Ksenia Marasanova: "tcpflow and lo0" 
    Date: Mon, 8 Mar 2004 18:02:21 +0000
To: freebsd-questions@freebsd.org

    Hi all,

    I'm running a firewall at the moment using FreeBSD 5.2.1 and IPFW. I
    have 3 interfaces in the machine.

    I need to be able to firewall a 4th range of IP's. I have tried to do
    this by adding an alias to xl1, but this hasn't worked. If I add the
    alias with a mask of 255.255.255.255, no other machine can ping the
    alias. I also see the following in /var/log/messages
    Mar 8 18:02:13 styx-tmp kernel: arplookup 19x.xxx.xxx.196 failed: host
    is not on local network

    The primary IP on xl 1 is currently 19x.xxx.xxx.1 and the mask on there is
    255.255.255.128 (/25)

    If I add the alias with a mask of 255.255.255.240 (/28) which is the
    correct mask for this subnet, and the mask that all other machines use,
    then I am able to ping this address. However, at this point, no
    forwarding appears to take place for machines using this IP address as
    their default route.

    Is there any way to use an alias to do firewalling like this or do I
    have to get another network card? The problem with another network card
    is that will mean a whole new machine as I'm out of slots in this one.

    Thanks in advance ? 

    -- 
Wayne Pascoe
Microsoft complaining about the source 
license used by Linux is like the event 
horizon calling the kettle black - adamba on k5
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
  • Next message: Ksenia Marasanova: "tcpflow and lo0"

    Relevant Pages

    • Re: Alias in different subnet on card
      ... Alias in different subnet on card ... > I'm running a firewall at the moment using FreeBSD 5.2.1 and IPFW. ... > this by adding an alias to xl1, ... > have to get another network card? ...
      (freebsd-questions)
    • Re: samba server on opensuse 10.2 problem
      ... changes the firewall it does not effctively open it up for smb access. ... only one Linux domain controller and no Windows domain controller. ... directory mask = 0700 ...
      (alt.os.linux.suse)
    • Re: Exchange ports through firewall?
      ... in this case if you want to provide clients RPC/MAPI access across a firewall, you can restrict clients and server to a narrower range of ports, or alternatively open a lot more ports on the firewall. ... Please do not send email directly to this alias. ... - The following KBA and others listed in its References section have the information you're looking for about Outlook/MAPI client connectivity to Exchange: ...
      (microsoft.public.exchange.admin)
    • Re: The name could not be matched to a name in the address list
      ... The alias, DNS and Firewall. ... I will install outlook 2003 on my old laptop. ...
      (microsoft.public.exchange.clients)
    • RE: natd with several alias IPs
      ... you by your ISP and you want to round robin those 4 in the NATing ... firewall can do that by how you code the NAT statements. ... natd with several alias IPs ...
      (freebsd-questions)