3 Nics - Dual (Triple) Homed Host

Pavel Duda element at email.cz
Tue May 11 14:00:27 PDT 2004

Steven N. Fettig wrote:

> Travis Troyer wrote:
>> I have a FreeBSD system that acts as a NAT Gateway, currently 
>> providing one LAN with access to the Internet.  I have added a third 
>> NIC, connected to a second LAN.  The second LAN does not need internet 
>> access, but I would like it to be able to communicate with the first 
>> LAN.  I have tried reading various sources, but have not found 
>> anything dealing with this situation. I would appreciate any help.  
>> Below is a diagram of my current setup and the output of ifconfig.
>>                             Internet
>>                                 |
>>                 [ xl0: DHCP assigned ]
>>                            Router
>>                             |      |
>>             [ xl1:]  [ xl3:]
>> Output of ifconfig:
>>        options=8<VLAN_MTU>
>>        inet netmask 0xffffff00 broadcast
>>        ether 00:60:97:74:35:b0
>>        media: Ethernet autoselect (10baseT/UTP)
>>        status: active
>>        options=b<RXCSUM,TXCSUM,VLAN_MTU>
>>        inet netmask 0xffffff00 broadcast
>>        ether 00:01:02:37:93:eb
>>        media: Ethernet autoselect (100baseTX <full-duplex>)
>>        status: active
>>        options=b<RXCSUM,TXCSUM,VLAN_MTU>
>>        inet netmask 0xffffff00 broadcast
>>        ether 00:01:02:cc:63:d2
>>        media: Ethernet autoselect (100baseTX <full-duplex>)
>>        status: active
>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>        inet netmask 0xff000000
> Travis,
> Although I have been dealing with routing for years, I can't claim I 
> really understand it well, so my advice may not be so intelligent, but 
> here's a stab at it anyway:
> I think what you want to do is to bridge both LANs.  You need to tell 
> your gateway that in order to get to from, 
> you need to tell the routing tables that the route to is via 
> xl1 and vice versa.
> route add -interface xl1
> and vice versa:
> route add -interface xl2
> In the handbook, it says 
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html): 
> <--begin quote-->
> 19.5.4 Enabling the Bridge
> Add the line:
> net.link.ether.bridge=1
> to /etc/sysctl.conf to enable the bridge at runtime, and the line:
> net.link.ether.bridge_cfg=if1,if2
> to enable bridging on the specified interfaces (replace if1 and if2 with 
> the names of your two network interfaces). If you want the bridged 
> packets to be filtered by ipfw(8), you should add:
> net.link.ether.bridge_ipfw=1
> as well.
> For FreeBSD 5.2-RELEASE and later, use instead the following lines:
> net.link.ether.bridge.enable=1
> net.link.ether.bridge.config=if1,if2
> net.link.ether.bridge.ipfw=1
> <--end quote-->
> I am not sure if this will work, though, because I'm not sure what 
> effect (if any) it would have on the NAT from the 
> network.  You might want to first try this approach while NAT and the 
> firewall are turned off.  I have a similar situation that I want to 
> test, so I'd be curious if you succeed and how.
> Steve Fettig

This should work fine with NAT. I was using a similar setup during tests 
with wi-fi: a server with a wi-fi card (hostap and DHCP, 192.168.1.xxx 
range), one NIC connected to the local LAN (192.168.0.xxx range) and one 
NIC for the connection to my ISP (to a cable modem, to be more specific). 
Only people on the local LAN were able to connect to the internet; this 
was controlled via ipfw rules.
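
An added example, not part of the original message and not the poster's own ruleset: one way an ipfw/natd policy like the one described above could be laid out, where the two private ranges talk to each other but only the local LAN is NATed to the internet. The interface name xl0, the /24 masks and the rule numbers are assumptions; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread): external interface
# xl0, /24 masks for the two private ranges, and the rule numbers.
# The gateway must also forward packets (gateway_enable="YES" in rc.conf).
EXT_IF="${EXT_IF:-xl0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # local LAN: may reach the internet
WLAN_NET="${WLAN_NET:-192.168.1.0/24}"  # second network: LAN access only

# Emit the ruleset, one "number body" pair per line, in evaluation order.
rules() {
    cat <<EOF
100 allow ip from any to any via lo0
200 allow ip from ${LAN_NET} to ${WLAN_NET}
210 allow ip from ${WLAN_NET} to ${LAN_NET}
300 deny ip from ${WLAN_NET} to any out via ${EXT_IF}
400 divert natd ip from any to any via ${EXT_IF}
500 allow ip from any to any
EOF
}

# ipfw is first-match: the deny must come before the divert rule, because
# after natd rewrites the source address the packet no longer matches
# ${WLAN_NET} and would leave through the external interface.
check_order() {
    deny=$(rules | awk '$2 == "deny" { print $1; exit }')
    nat=$(rules | awk '$2 == "divert" { print $1; exit }')
    [ -n "$deny" ] && [ -n "$nat" ] && [ "$deny" -lt "$nat" ]
}

# Print the ipfw commands (default) or load them when APPLY=1.
apply_rules() {
    check_order || { echo "deny rule must precede divert" >&2; return 1; }
    rules | while read -r num body; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $body is left unquoted on purpose so it splits into arguments
            ipfw -q add "$num" $body
        else
            echo "ipfw add $num $body"
        fi
    done
}

apply_rules
```

Rule 500 passes everything that was not denied earlier; a production ruleset would replace it with explicit allows per interface.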
