DragonFlyBSD not in compliance with RFC 1122
Gary Allan
dragonfly at gallan.plus.com
Wed Mar 16 12:35:38 PST 2005
Matthew Dillon wrote:
:Hello,
:
:I ran into a problem today. I administer a machine that needs to sit on
:two separate networks 192.168.2.2/24 and 192.168.15.2/24. The network
:card is configured as:
:
:xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
: inet 192.168.15.2 netmask 0xffffff00 broadcast 192.168.15.255
: inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
: ether 00:10:5a:f7:6e:71
: media: Ethernet autoselect (100baseTX <full-duplex>)
: status: active
:
:The machine has a default route of 192.168.15.1.
:(Public IP addresses replaced with private.)
:
:All is well except that 192.168.2.2 is inaccessible from the Internet. A
:quick RTFM reveals that I need to add a second default gateway but it
:appears that this is not supported under FreeBSD 4 or DragonFly.
:
:http://lists.freebsd.org/pipermail/freebsd-i386/2003-October/000335.html
We definitely do not support multiple default gateways, but having two
internet-routable nets on the same interface ought to work as long as
your default router can deal with it. Make sure that
net.inet.ip.forwarding is set to 1 (via sysctl) and then you need to
run some tcpdump's on that interface and check:
(1) that the machine is receiving the ARP request to resolve 192.168.2.2.
(2) that the machine is responding to the ARP request.
(3) that the machine is receiving the packet meant for 192.168.2.2.
(4) then see if the machine is replying to it (e.g. assuming it's a ping
or something). The reply should be going out your default route.
(tell tcpdump to dump the MAC header too so you can be sure it is
being sent to the box defined by your default route).
There are several issues involved here.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
The router in question is a Cisco and is dropping the packets from
192.168.2.0/24 that arrive on 192.168.15.1 due to anti-spoofing rules. I
was just hoping for an elegant solution. As I've mentioned I added a
work-around with IPFW but I'm not pleased with it.
I was quite surprised that FreeBSD doesn't support this even in 5.3. I
would have thought that the Zebra problem alone would be reason enough
to implement it. DragonFly is obviously affected too.
(The Debian machines I administer would just require a "route add
0.0.0.0 gw 192.168.2.1" to add the second default route.)
It's a problem that has gone unresolved in FreeBSD for over 18 months so
I guess it doesn't affect enough people to be a priority. I was just
wondering if it was planned for the ongoing DragonFly routing overhaul.
Regards
Gary
More information about the Users
mailing list