Re: can an alias address be routed through?
- From: "Joachim Schipper" <jdNoOtSPAMschipper@xxxxxxxxxx>
- Date: 27 Aug 2007 23:51:08 GMT
Szaba <jamess@xxxxxxxxxxx> wrote:
> I have OpenBSD 3.8 box with 2 interfaces acting as a router between
                 ^^^
Don't do that. Upgrade, 3.8 has known vulnerabilities. And 4.2 is much
nicer. And upgrading is not too hard if you don't wait two years.

> two internal networks.
> Interface xl0 192.168.1.1 with a subnet mask of 255.255.0.0
> The other interface sis0 has an address of 192.169.1.254 with a subnet
                                             ^^^^^^^
Don't do that, it's allocated.

> mask of 255.255.0.0
> It seems to be routing successfully between these two networks. Now
> one device on the 192.168 network is a legacy device and I cannot
> change its subnet mask - it is 192.168.222.1 and subnet 255.255.255.0
> I thought I would just add an alias to xl0 of 192.168.222.254 with
> subnet of 255.255.255.0 and hey presto from the gateway BSD console I
> can ping everything. BUT from the 192.169 network it still doesn't
> respond to ping. If I add a route
> route add 192.168.222.1 192.168.222.254
> I cannot ping 192.168.222.1 from the BSD box console anymore and it
> still doesn't route from the other network.
> my question: Can BSD route to an alias address on an interface or
> not?

That really isn't relevant.
Having a completely wrong netmask will affect some things, like
broadcasts, but should not cause simple unicast TCP or UDP or ICMP over
IP to break. In other words, no matter what your netmask, your gateway
should be able to ping the device, and the device should be able to
respond.
What is more, if you don't play around with aliases, traffic from the
other side of the gateway to the device most likely works, too.
However, traffic from the same side of the gateway probably breaks,
because the routing table on this legacy device sends replies to the
gateway, instead of the sending host.
If all of the above is correct, is a proper statement of what you
consider the problem, and applies to your situation, there are two
simple solutions:
1. Add another interface for 192.168.222.0/24 to your gateway (an alias
might or might not work - I don't know).
Update *all* hosts in 192.168.0.0/24 to reflect this setup (route add
192.168.222.0/24 192.168.1.1 if the device is not in 192.168.222.0/24;
change netmask otherwise), except the legacy device which happens to be
configured correctly.
2. Set up a sane structure for 192.168.0.0/16; subdividing into /24
networks probably makes sense anyway, leaves you with plenty of address
space (so no need to use 192.169.0.0/24 - if you *really* need more
addresses, use a subnet of either 10.0.0.0/8 or 172.16.0.0/12), and
solves this issue as a side-effect.
The complicated solution involves catching the responses from your
legacy device on the gateway, and rewriting and resending them to make
it look like the device replied immediately to the sender. This is
complex, error-prone, and completely wrong.
Joachim
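
The on-link decision described in the reply above, worked through as an added example (not part of the original post): each host compares the destination against its own address and mask, so the /16 sender and the /24 legacy device disagree about whether they are neighbours. The two sender addresses and the device's default gateway (taken here to be the xl0 alias 192.168.222.254) are assumptions made for illustration.

```python
import ipaddress

# Constructed host table. The legacy device address/mask and the gateway
# interface addresses appear in the thread; the two sender addresses and
# the legacy device's default gateway are assumptions for this example.
HOSTS = {
    "legacy":    {"iface": "192.168.222.1/24", "gw": "192.168.222.254"},
    "same_side": {"iface": "192.168.5.10/16",  "gw": "192.168.1.1"},
    "far_side":  {"iface": "192.169.7.20/16",  "gw": "192.169.1.254"},
}


def next_hop(host, dst_ip):
    """Return 'direct' if dst_ip is on-link for this host, else its gateway."""
    network = ipaddress.ip_interface(host["iface"]).network
    if ipaddress.ip_address(dst_ip) in network:
        return "direct"
    return host["gw"]


def round_trip(src_name, dst_name):
    """Return (request next hop, reply next hop, symmetric?) for a ping."""
    src, dst = HOSTS[src_name], HOSTS[dst_name]
    src_ip = str(ipaddress.ip_interface(src["iface"]).ip)
    dst_ip = str(ipaddress.ip_interface(dst["iface"]).ip)
    request = next_hop(src, dst_ip)
    reply = next_hop(dst, src_ip)
    # The path is symmetric when both directions agree on using the gateway.
    symmetric = (request == "direct") == (reply == "direct")
    return request, reply, symmetric


if __name__ == "__main__":
    for sender in ("same_side", "far_side"):
        request, reply, symmetric = round_trip(sender, "legacy")
        print(f"{sender:9} -> legacy: request via {request}, "
              f"reply via {reply}, symmetric={symmetric}")
```

The far-side host and the legacy device both use the gateway, so that path is consistent; the same-side host sends directly while the reply is handed to the gateway, which is the case the reply says probably breaks.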