two public ip addresses on one interface

Julian Elischer julian at elischer.org
Mon May 28 08:22:24 UTC 2007


Wilkinson, Alex wrote:
>     On Mon, May 28, 2007 at 11:43:21AM +0400, Eygene Ryabinkin wrote:
> 
>     >Alex, good day.
>     >
>     >Sun, May 27, 2007 at 07:07:41PM +0800, Wilkinson, Alex wrote:
>     >>     > If your aliases are part of the same subnet as the "primary" or first configured IP, then you want to 
>     >>     > use the all-1's netmask.  In your case, however, the second IP is part of a completely different subnet, 
>     >>     > and you can (and should) use a /24 netmask....
>     >> 
>     >> I have always wondered why we need to use the "all-1's" netmask. Why is this ?
>     >
>     >Because if you're stuffing two addresses from the same subnet to
>     >one interface it will not work: there can be only one route to the
>     >specified network in the FreeBSD routing table.  And adding IP to
>     >the interface creates the entry in the routing table.  So you should
>     >specify the different mask and most probably 0xffffffff will be the
>     >best choice, but your mileage may vary with your routing needs.
> 
> mmm ... it looks like you can actually get around this on OpenBSD 4.1
> with their new "multiple routing table" code.
> 
> "Multiple routing tables. What does it mean for PF?
> 
>   Henning Brauer:
>   The kernel used to have one routing table per address
>   family--one for inet, one for inet6, one for IPsec, usually. Now it can have
>   multiple tables. From within PF, you can select which routing table should be
>   used for the route lookup later--you can implement policy routing with this. But
>   much more could be done--this is really only the groundwork. It could be
>   possible, in future, to have overlapping address ranges on interfaces and place
>   interfaces into different routing tables, forming a kind of virtual routers. And
>   of course, the routing daemons will learn to make more use of alternate
>   tables."

The trouble I have with this is that by the time pf or ipfw get to the packet,
the routing has already been done.


> 
>  [http://www.onlamp.com/pub/a/bsd/2007/05/03/openbsd-41-puffy-strikes-again.html?page=2]
> 
>  -aW
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
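
Added example (not part of the original thread): a simplified Python model of the rule quoted above, that only one route per network can exist, so a same-subnet alias needs the all-1's mask while an alias in a different subnet keeps its /24. The interface name em0 and the documentation-range addresses are constructed; the function names are hypothetical, and the output uses FreeBSD's ifconfig_<if>_aliasN rc.conf variables.

```python
import ipaddress

def check_aliases(addrs):
    """addrs: 'a.b.c.d/len' strings in configuration order, all on one interface.

    Models the behaviour described in the thread: each address installs a
    route for its network, and a second route to the same network is refused.
    Returns (routes, conflicts).
    """
    routes = {}      # network prefix -> address that installed the route
    conflicts = []   # (offending spec, network already routed, suggested spec)
    for spec in addrs:
        iface = ipaddress.ip_interface(spec)
        net = str(iface.network)
        if net in routes:
            # Same subnet as an earlier address: suggest the all-1's mask,
            # which turns the entry into a host route with its own key.
            conflicts.append((spec, net, f"{iface.ip}/{iface.max_prefixlen}"))
            continue
        routes[net] = str(iface.ip)
    return routes, conflicts

def rc_conf_lines(ifname, addrs):
    """Render rc.conf lines, replacing conflicting masks with the all-1's mask."""
    _, conflicts = check_aliases(addrs)
    fixes = {bad: good for bad, _net, good in conflicts}
    lines = []
    for i, spec in enumerate(addrs):
        iface = ipaddress.ip_interface(fixes.get(spec, spec))
        key = f"ifconfig_{ifname}" if i == 0 else f"ifconfig_{ifname}_alias{i - 1}"
        lines.append(f'{key}="inet {iface.ip} netmask {iface.netmask}"')
    return lines

# Constructed sample: primary address, a same-subnet alias, and an alias
# from a completely different subnet (the case discussed in the thread).
SAMPLE = ["192.0.2.10/24", "192.0.2.11/24", "198.51.100.5/24"]

if __name__ == "__main__":
    routes, conflicts = check_aliases(SAMPLE)
    for spec, net, suggestion in conflicts:
        print(f"{spec}: route to {net} already exists, use {suggestion}")
    print("\n".join(rc_conf_lines("em0", SAMPLE)))
```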


