DragonFlyBSD not in compliance with RFC 1122
Gary Allan
dragonfly at gallan.plus.com
Fri Mar 18 11:10:29 PST 2005
sam wrote:
Jeffrey Hsu wrote:
Gary Allan wrote:
Hello,
I ran into a problem today. I administer a machine that needs to sit
on two separate networks 192.168.2.2/24 and 192.168.15.2/24. The
network card is configured as:
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.15.2 netmask 0xffffff00 broadcast 192.168.15.255
        inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:10:5a:f7:6e:71
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
The machine has a default route of 192.168.15.1.
(Public IP addresses replaced with private.)
All is well except that 192.168.2.2 is inaccessible from the
Internet. A quick RTFM reveals that I need to add a second default
gateway
I've resolved this by using IPFW to forward the necessary traffic
from 192.168.2.0/24 to the 192.168.2.1 router but feel this is a bit
of a bodge. I've noticed recent routing code commits so I'm hoping
this is a good time
Can't you just add
    route add 192.168.2/24 192.168.2.1
This should work. I use this static route from the Internet to the internal
LAN, which is located behind the second FreeBSD gateway.
Sam.
Hello,
Adding "route add 192.168.2/24 192.168.2.1" isn't appropriate as no
gateway is necessary to access the 192.168.2.0/24 subnet (See the alias
192.168.2.2 netmask 0xffffff00). In fact there is already a 192.168.2
route entry and the attempt fails with "File exists".
    192.168.2    link#1    UC    6    0    xl0
Traffic to 192.168.2.0/24 or 192.168.15.0/24 makes use of ARP. Traffic
to any other routable address needs to utilise a gateway. In this case
what is needed is for traffic originating from 192.168.2.2 to be
forwarded to 192.168.2.1 and traffic originating from 192.168.15.2 to be
forwarded to 192.168.15.1. This is why multiple default routes are
needed (RFC 1122).
Currently traffic from 192.168.2.2 is being forwarded to 192.168.15.1
and is being dropped due to anti-spoofing rules on the router. (Only
traffic from 192.168.15.0/24 should arrive on 192.168.15.1.)
Hope this clears things up.
Gary
(Addresses changed to protect the innocent.)
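
As an added illustration (not part of the original message): a small Python model of the next-hop choice described above, comparing a destination-only lookup with a single default route against a lookup that picks the gateway from the source address, then applying each router's anti-spoofing rule. The function names and the remote address 203.0.113.10 are assumptions made for this example.

```python
import ipaddress as ip

# Subnets and gateways from the message; the per-source table is the requested behaviour.
CONNECTED = [ip.ip_network("192.168.2.0/24"), ip.ip_network("192.168.15.0/24")]
DEFAULT_GW = ip.ip_address("192.168.15.1")            # the single default route
GW_BY_SOURCE = {                                       # one default gateway per source subnet
    ip.ip_network("192.168.2.0/24"): ip.ip_address("192.168.2.1"),
    ip.ip_network("192.168.15.0/24"): ip.ip_address("192.168.15.1"),
}
# Anti-spoofing rule on each router: only sources from its own subnet may arrive.
ROUTER_ACCEPTS = {gw: net for net, gw in GW_BY_SOURCE.items()}

def next_hop_dest_only(src, dst):
    """Destination-only lookup: one default route, source address ignored."""
    dst = ip.ip_address(dst)
    if any(dst in net for net in CONNECTED):
        return None                                    # on-link, resolved with ARP
    return DEFAULT_GW

def next_hop_source_aware(src, dst):
    """Pick the default gateway on the subnet the source address belongs to."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if any(dst in net for net in CONNECTED):
        return None
    for net, gw in GW_BY_SOURCE.items():
        if src in net:
            return gw
    return DEFAULT_GW

def router_forwards(gateway, src):
    """Router-side ingress filter: drop packets whose source is off-subnet."""
    return ip.ip_address(src) in ROUTER_ACCEPTS[gateway]

def trace(lookup, src, dst):
    """Return 'on-link', 'forwarded via <gw>' or 'dropped at <gw>'."""
    gw = lookup(src, dst)
    if gw is None:
        return "on-link"
    verdict = "forwarded via" if router_forwards(gw, src) else "dropped at"
    return f"{verdict} {gw}"

if __name__ == "__main__":
    # 203.0.113.10 is a constructed documentation address standing in for an Internet host.
    for lookup in (next_hop_dest_only, next_hop_source_aware):
        for src in ("192.168.15.2", "192.168.2.2"):
            print(lookup.__name__, src, "->", trace(lookup, src, "203.0.113.10"))
```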