Bridging with two subnets

Yar Tikhiy yar at comp.chem.msu.su
Fri Feb 9 20:02:43 UTC 2007


On Wed, Feb 07, 2007 at 12:46:09PM +0100, Andrea Venturoli wrote:
> Hello.
> I've got a firewall which has public IP xxx.xxx.xxx.2 on its first NIC.
> This is bridged with a second NIC which holds xxx.xxx.xxx.0/24.
> (I also have a third and fourth NIC which run two private IP networks, 
> which are NATted, but I don't think this matters).
> 
> Everything is OK, but now I also need to have a second public IP 
> network on the second NIC, let's say yyy.yyy.yyy.0/24.
> A single upstream router provides us both public nets, but obviously 
> with two different gateways (xxx.xxx.xxx.1 and yyy.yyy.yyy.1).
> 
> The question is: is this possible?
> 
> Do I only need to attach the additional yyy.yyy.yyy.0/24 boxes to the 
> same switch?
> Do I need to ifconfig alias yyy.yyy.yyy.2 on the first NIC?
> What about the gateway then? Do I still set the first one only?
> 
> My answers would be: Yes, No, Yes. I thought I'd ask, however.

My bet is Yes Yes No.  Since your firewall does bridging between
the two NICs, your yyy.* hosts attached to the second NIC should
see yyy.1 transparently via the bridge.  Just make sure your ipfw
doesn't filter the traffic if you filter bridged packets.  The only
little problem will be that your firewall itself will see yyy.1 via
its default route to xxx.1.  Oh, and of course your yyy.* hosts
must have their default routes set to yyy.1, not to yyy.2, which
isn't there.  Your xxx.* hosts' default route is xxx.1, isn't it?

And IIRC you should assign IP addresses to the if_bridge interface
itself if you want the bridging host to participate in the bridged
network.

-- 
Yar

