interface aliases and tap devices

Gerrit Kühn gerrit at pmp.uni-hannover.de
Wed Feb 27 14:38:26 UTC 2008


Hello,

I have two stories to tell meanwhile, the first comes here in the form of a
forward from a question I posted on the discussion list for dnsmasq
(ports/dns/dnsmasq):


---
Begin forwarded message:

Date: Wed, 27 Feb 2008 09:28:28 +0000
From: Simon Kelley <simon at thekelleys.org.uk>
To: Gerrit Kühn <gerrit at pmp.uni-hannover.de>
Cc: dnsmasq-discuss at thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] question about subnets and interface aliases


Gerrit Kühn wrote:
> Hi folks,
> 
> I have a private network here (192.168.0.0/16) which I have separated
> in 8 subnets (192.168.0.0/19, 192.168.32.0/19 and so on). I want to
> run dnsmasq to serve as dns and dhcp server, but only on one machine.
> As the separation of the subnets is purely of logical nature and not 
> physical (everything on the same switched network), I have configured
> this machine with the primary IP address 192.168.0.254/19 and put IP
> aliases for all other subnets (192.168.32.254/19 and so on) on that
> interface. The free dhcp IP-range for unknown hosts is in the first
> subnet (192.168.30.0/24), all others shall be fixed-host entries
> which are identified via their MAC addresses.
> 
> Now I see the following behaviour: dhcp-addresses are delivered from
> the free segment to unknown hosts as designed. However, fixed-host
> entries only work if they come from the first subnet
> (192.168.0.0/19). If I have dhcp-host entries for any other subnet,
> they are completely ignored and the requesting host gets an IP from
> the free range for unknown hosts instead.
> 
> Is my setup completely screwed up and something one should not do, or
> does anyone here have an idea how to get things right? I'm using
> FreeBSD 7-stable and dnsmasq 2.40 (if that matters).

It does matter, specifically the FreeBSD bit. On Linux, the above
arrangement will work (or at least can be made to work). The code for
determining the IP parameters of an interface on *BSD knows nothing
about aliases, so it can't work.


> Any hint is appreciated.

If you are, or can find, a FreeBSD networking guru who can upgrade the
code in src/bpf.c I'm happy to take a patch.....

Cheers,

Simon.
---


As I am definitely not the networking guru who could do this, I thought it
would be a good idea to ask here if anyone is interested in helping out.

The second story is connected with the first:
As the problem for dnsmasq seems to be that it cannot handle more than one
IP per interface, I came up with the idea of setting up one IP on the
physical interface and 7 more on 7 virtual tap devices. Then I bound the
tap devices together with the physical interface on a bridge interface.
This setup works insofar that I can ping all 8 addresses and receive
answers. ssh connections and so on work, too. However, the dhcp client
broadcasts do not reach dnsmasq, although I configured it to listen on
all 8 interfaces.
Even more strange to me was that I discovered that the virtual tap
interfaces see nothing of the traffic. If I run tcpdump on the tap devices
(or even on the bridge interface), I see /nothing/ of the traffic which is
actually directed to one of the IPs the tap devices carry. I see
everything floating through the physical interface, though.
I actually thought that the traffic would reach the tap interfaces and
could be processed there with other software like tcpdump or dnsmasq. Why
is this not the case?


cu
  Gerrit

