
Re: throwing out the switch



On 4/9/06, Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl> wrote:
> On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote:
> > On 4/9/06, Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl> wrote:
> > > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > > I've been using openbsd+pf for a router for some time at a neighbor's
> > > > house. The router has been upgraded and now has several NICs.
> > > >
> > > > I'd like to use multiple interfaces with crossover cables instead of a
> > > > single interface with a switch behind it for the internal network, how
> > > > would this best be done? I attempted to bridge all of the internal
> > > > interfaces, but I don't think this would do what I need it to, since a
> > > > bridge can't have an IP address, and it did not appear to work.
> > >
> > > You could bridge them - this would be the classical 'switch' solution.
> > > How to get this done is another question.
> >
> > dc0 was the classic internal interface running dhcpd. I kept that
> > interface as-is.
> >
> > I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> >
> > I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> > settings, like add dc0 add dc1, etc.
> >
> > brconfig showed bridge0 as it probably should appear. MAC addresses of
> > each client were listed on the proper port.
>
> That looks good.
>
> > dhcpd would not respond to client requests. I could use tcpdump on,
> > say rl0 and see the dhcpd requests, but I did not see it on dc0. With
> > IP addresses set manually, a client on dc2 could not ping a client of
> > the same subnet on dc1, etc. I assumed the bridge did not do what I
> > thought it was supposed to do, and dropped it.
>
> Hmm, someone else will have to debug that. It'd probably be the
> easiest/best solution, but I've never configured a bridge.
>
> > So I assigned each NIC an IP address of *.1, .2, .3, and .4.
> >
> > I assumed with IP forwarding, a client connected to the .4 NIC could
> > reach the .1 NIC. I was wrong with that as well.
> >
> > I enabled the bridge again with the internal NICs having an IP
> > assigned. A client connected to the .4 NIC still could not reach .1, or
> > a client connected to .1.
>
> Have you set net.inet.ip{,6}.forwarding?

Yes, of course; it has been performing as a router for a while now with
a single NIC for the local network. I did double-check it when I saw
that behavior, though, and it is set.

>
> > > The other solution is to run it as a classical router serving a lot of
> > > /32 subnets.
> > >
> > > Exactly what do you have problems with?
> >
> > I am guessing I did something fundamentally wrong here?
>
> Probably, but what? ;-)
>
>                 Joachim
>
>

Thanks for your help, Joachim. I'll do a fresh install and try again
when my 3.9 CDs arrive. Maybe I have stale configurations somewhere.

I have a very difficult time finding anybody on mail archives or
Google doing something similar. The only information I can find is for
transparent firewalls.

Does anybody have a link of somebody performing something similar?
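The layout Jeff describes (dc0 keeps its address and runs dhcpd, dc1/dc2/rl0 are only brought up, all four are members of bridge0) written out as the OpenBSD config files involved, with a consistency check run over them before they go into /etc. This is an added example, not part of the thread or of any OpenBSD documentation; the interface names come from the post, while the 192.168.1.0/24 addresses and the staging directory are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): stage the hostname.if, bridgename.if,
# rc.conf.local and sysctl.conf fragments for a four-port bridge on OpenBSD 3.x
# into a scratch directory, then check that they agree with each other.
# STAGE is a constructed placeholder; copy the files to /etc only after
# check_config succeeds.

STAGE="${STAGE:-./stage-etc}"

write_config() {
    mkdir -p "$STAGE"
    # dc0 is the routed interface and keeps its address; hosts on every
    # bridge port use that address as their gateway (subnet is assumed).
    printf 'inet 192.168.1.1 255.255.255.0 NONE\n' > "$STAGE/hostname.dc0"
    # Member ports carry no address of their own; they only need to be up.
    for ifn in dc1 dc2 rl0; do
        printf 'up\n' > "$STAGE/hostname.$ifn"
    done
    # One bridge joining all internal ports, in brconfig(8) syntax.
    printf 'add dc0\nadd dc1\nadd dc2\nadd rl0\nup\n' \
        > "$STAGE/bridgename.bridge0"
    # dhcpd must listen on the member that owns the address.
    printf 'dhcpd_flags="dc0"\n' > "$STAGE/rc.conf.local"
    # Forwarding is still needed for traffic leaving the LAN via the uplink.
    printf 'net.inet.ip.forwarding=1\n' > "$STAGE/sysctl.conf"
}

# Print the bridge members named by "add" lines, one per line.
bridge_members() {
    awk '$1 == "add" { print $2 }' "$STAGE/bridgename.bridge0"
}

# Succeed only if every member has a hostname.if that brings it up (an
# "up" line or an inet line), exactly one member carries an address, dhcpd
# is bound to that member, and IP forwarding is enabled.
check_config() {
    addressed=0
    for ifn in $(bridge_members); do
        f="$STAGE/hostname.$ifn"
        [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
        if grep -q '^inet ' "$f"; then
            addressed=$((addressed + 1))
            owner="$ifn"
        elif ! grep -qx 'up' "$f"; then
            echo "$f is neither up nor addressed" >&2
            return 1
        fi
    done
    [ "$addressed" -eq 1 ] || {
        echo "expected one addressed member, found $addressed" >&2
        return 1
    }
    grep -q "^dhcpd_flags=\"$owner\"" "$STAGE/rc.conf.local" || {
        echo "dhcpd is not bound to $owner" >&2
        return 1
    }
    grep -q '^net.inet.ip.forwarding=1' "$STAGE/sysctl.conf" || {
        echo "IP forwarding is off" >&2
        return 1
    }
    return 0
}

write_config
check_config && echo "staged config in $STAGE is consistent"
```

One check the script cannot make for you: on OpenBSD, pf evaluates packets on each bridge member interface, not just on dc0, so a ruleset that only passes traffic on dc0 will silently drop frames arriving on dc1, dc2 or rl0. When the requests are visible with tcpdump on rl0 but never reach dc0, `pfctl -sr` for the member interfaces is worth a look before reinstalling.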