Routing into overlapping subnets

Steve Bertrand steve at ibctech.ca
Tue Feb 23 01:10:36 UTC 2010


On 2010.02.18 00:31, Christian Ullrich wrote:
> * Steve Bertrand wrote:
> 
>> On 2010.02.17 16:42, Christian Ullrich wrote:
> 
>>> send the packet. Why doesn't the kernel look up an ARP table entry by
>>> both IP address and interface?
>>
>> That's not how the protocols were designed, and thankfully so. Imagine
>> the potential for spoofing if this were allowed by default ;)
> 
> You're right, of course. I had not considered that.
> 
>> I have a couple of ideas, but need to understand your setup better.
>> Advise if this seems semi-accurate:
>>
>> - you house global resources for a bunch of clients at a central location
>> - you have limited public IP addresses to do this with, or your central
>> location is located within the same 'building' as all of the clients
> 
> The latter.
> 
>> - you have several clients with overlapping 1918 space
>> - you need a method to have two instances of eg 192.168.1.110 accessing
>> a single central resource, but which will be coming in on two separate
>> interfaces (physical or virtual)
>> - the central services (ie printer) don't have the capability to house
>> more than a single IPv4 address
>> - you do not want to be open to the potential for one client accessing
>> the others' networks
>> - you have absolute control over the pf box
>>
>> is this right?
> 
> Exactly right.

Contact me off-list, and I'll see if I can help with either cleaning
this up, or with a dirty hack.

We'll post any positive results to the list.

Steve
