Virtual Network Interfaces

Raymond Wagner wagnerrp at email.uc.edu
Tue Oct 31 16:10:34 UTC 2006


I was expecting replies to come back from freebsd-net at freebsd.org, so I
didn't see your response until now.  I want to keep the two networks
separate, so I don't want to bridge the internal and external directly.
Besides, since I have more machines than available IPs, I would have to
assign the internal-only machines to addresses that may not be available.  I
want to avoid such addressing overlaps.

Your other method is that I keep NAT on the internal interface as normal,
and then create VLANs, bridged to the external interface, to each computer
with an external IP.  Those machines would communicate as normal on the
internal network, but use the VLAN interface for external access.  I've not
used VLANs before, so I don't know exactly how they work.  I know the
wrapper causes some overhead, and my switch drops packets >1500 bytes.  Do I
have to lower the MTU on the internal network, or just the VLANs and
external?  Also, will my ISP know not to send the larger packets?

-----Original Message-----
From: Jeremie Le Hen [mailto:jeremie at le-hen.org] 
Sent: Monday, October 23, 2006 5:48 AM
To: Raymond Wagner
Cc: freebsd-net at freebsd.org
Subject: Re: Virtual Network Interfaces

Raymond,

On Sun, Oct 22, 2006 at 06:01:03PM +0200, Jeremie Le Hen wrote:
> On Mon, Oct 16, 2006 at 02:12:47AM -0400, Raymond Wagner wrote:
> > My ISP provides me up to 5 dynamically assigned addresses out of a /20
> > block.  I have more than 5 machines on my network, so I have no choice but
> > to run NAT, however I would like to force two of those machines onto their
> > own external addresses.  If I had static addresses, I could simply alias the
> > addresses into the external interface and then use "binat" in pf to redirect
> > the traffic. However, the addresses have to be requested from the DHCP
> > server, and expire after 4 hours.
> > 
> > I can get this to work by running the NAT function under QEMU and just
> > giving the virtual machine several interfaces bridged to the physical
> > external interface.  Running a VM is far from ideal.  Is there any way I
> > could set up a virtual network interface that could be bridged to the true
> > interface and grab its own DHCP address?
> 
> I don't know if that works, but I would try the following setup.
> Supposing you have two physical interfaces, an external one (ext0)
> and an internal one (int0), I would create a VLAN on int0 for
> each machine which has to have its own public address (vlan1
> and vlan2) and bridge { ext0, vlan1, vlan2 }.

I thought of another way this morning in my bathroom, which is far
neater, though I've not tested it.

First use if_bridge(4) to mingle ext0 and int0, then use the MAC
addresses to let through but the machines that are supposed to have
a public IP address; the others will have to use your FreeBSD as a
default gateway.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >


