3 NICs - 1 upstream, 2 downstream to same subnet??
rip at bronzedragon.net
Thu Sep 2 11:17:43 PDT 2004
Here is the puzzle
Config : 5.1-Release
3 xl interfaces xl0, xl1, xl2
I am trying to make a configuration to isolate the WiFi APs on a single
segment. DHCP hands out 'good' addresses (10.0.0.x) to MACs it
recognizes and 'bad' (10.99.0.x) when the MAC does not match and is
taken from the common pool.
I then will use ipfw to block the trespassers, but do a bit of data
collection at the same time. I don't expect much bad traffic here since
WEP will keep out the casual. Just a defense-in-depth thing.
I have the upstream interface on xl2 no problem;
I want to have 2 segments of 10.0.0.0/8 on xl0 and xl1
ifconfig xl2 inet 18.104.22.168
ifconfig xl1 inet 10.0.0.254 netmask 255.0.0.0 // this box = default router + all wired machines
ifconfig xl0 inet 10.?.?.? netmask 255.0.0.0 // Wifi AP segment + all wifi connections
deny ip from 10.99.0.0/16 to any in via xl0 // block trespassers
?? Is this possible?
?? What sort of ip address should xl0 have. When I gave it a 10.99.0.0
255.0.0.0 address, the netstat -rn said all 10 traffic was on xl0, which
was not true.
?? Will the OS route traffic coming in on xl0 (with good ips) through
the stacks to xl1 and then on to xl0 for external traffic?
?? Will this act as a switch (mac specific) or a hub (broadcast mode)?
I have had problems with multiple interfaces of this type (xl). I
found that I had to ensure all interfaces were down as each one was
configured. If another xl interface is up, an error message is returned
about an existing file.