Re: throwing out the switch

2006-04-10 Thread Jeff Quast
On 4/10/06, Frank Garcia <[EMAIL PROTECTED]> wrote:
>
> On Apr 9, 2006, at 12:10 PM, Jeff Quast wrote:
>
> > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >> On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> >>> I've been using openbsd+pf for a router for some time at a neighbor's
> >>> house. The router has been upgraded and now has several NIC's.
> >>>
> >>> I'd like to use multiple interfaces with crossover cables instead of a
> >>> single interface with a switch behind it for the internal network, how
> >>> would this best be done? I attempted to bridge all of the internal
> >>> interfaces, but I don't think this would do what I need it to, since a
> >>> bridge can't have an IP address, and it did not appear to work.
> >>
> >> You could bridge them - this would be the classical 'switch' solution.
> >> How to get this done is another question.
> >
> > dc0 was the classic internal interface running dhcpd. I kept that
> > interface as-is.
> >
> > I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> >
> > I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> > settings, like add dc0 add dc1, etc.
> >
> > brconfig showed bridge0 as it probably should appear. MAC addresses of
> > each client were listed on the proper port.
> >
> > dhcpd would not respond to client requests. I could use tcpdump on,
> > say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
> > IP addresses set manually, a client on dc2 could not ping a client of
> > the same subnet on dc1, etc. I assumed the bridge did not do what I
> > thought it was supposed to do, and dropped it.
>
> Did you tell dhcpd to listen on the bridge (or the individual
> interfaces) in /etc/dhcpd.interfaces?
>
>
> Frank
>

The individual interface; I did not try to assign an IP address to
bridge0, as I was given the impression from the manpage that you do not
do that.

Thanks Frank! Hopefully that will resolve the issue.



Re: throwing out the switch

2006-04-10 Thread Frank Garcia

On Apr 9, 2006, at 12:10 PM, Jeff Quast wrote:

> On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > I've been using openbsd+pf for a router for some time at a neighbor's
> > > house. The router has been upgraded and now has several NIC's.
> > >
> > > I'd like to use multiple interfaces with crossover cables instead of a
> > > single interface with a switch behind it for the internal network, how
> > > would this best be done? I attempted to bridge all of the internal
> > > interfaces, but I don't think this would do what I need it to, since a
> > > bridge can't have an IP address, and it did not appear to work.
> >
> > You could bridge them - this would be the classical 'switch' solution.
> > How to get this done is another question.
>
> dc0 was the classic internal interface running dhcpd. I kept that
> interface as-is.
>
> I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
>
> I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> settings, like add dc0 add dc1, etc.
>
> brconfig showed bridge0 as it probably should appear. MAC addresses of
> each client were listed on the proper port.
>
> dhcpd would not respond to client requests. I could use tcpdump on,
> say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
> IP addresses set manually, a client on dc2 could not ping a client of
> the same subnet on dc1, etc. I assumed the bridge did not do what I
> thought it was supposed to do, and dropped it.

Did you tell dhcpd to listen on the bridge (or the individual
interfaces) in /etc/dhcpd.interfaces?

Frank
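
The check behind Frank's question, and behind Jeff's reply that he listed only the individual interface, can be run from the configuration files alone before rebooting. The POSIX shell script below is an added example, not code from this thread or from OpenBSD: it writes a constructed copy of the thread's layout (dc0 with an address and dhcpd, dc1/dc2/rl0 only "up", all four in bridgename.bridge0) to a scratch directory and reports every bridge member that /etc/dhcpd.interfaces does not list, or that has no hostname.if file at all. The 192.0.2.1 address and netmask are placeholders; the file-name and function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the thread: cross-check the member list of an
# OpenBSD bridge(4) against /etc/dhcpd.interfaces. Every file below is a
# constructed copy written to a scratch directory so the script runs offline.

ETC=$(mktemp -d)
trap 'rm -rf "$ETC"' EXIT

# The layout the thread describes: dc0 carries the inet address and serves
# dhcpd; dc1, dc2 and rl0 are only brought "up"; all four join bridge0.
# (Address and netmask are placeholders, not from the thread.)
printf 'inet 192.0.2.1 255.255.255.0 NONE\n' > "$ETC/hostname.dc0"
printf 'up\n' > "$ETC/hostname.dc1"
printf 'up\n' > "$ETC/hostname.dc2"
printf 'up\n' > "$ETC/hostname.rl0"
printf 'add dc0\nadd dc1\nadd dc2\nadd rl0\nup\n' > "$ETC/bridgename.bridge0"
# What the thread's poster had: dhcpd listening on dc0 only.
printf 'dc0\n' > "$ETC/dhcpd.interfaces"
# The corrected file: dhcpd listening on every bridge member.
printf 'dc0\ndc1\ndc2\nrl0\n' > "$ETC/dhcpd.interfaces.fixed"

# bridge_members FILE: print the interfaces named by "add" lines.
bridge_members() {
    awk '$1 == "add" { print $2 }' "$1"
}

# members_without_config BRIDGEFILE ETCDIR: members with no hostname.if file.
# A member that is never configured is not brought up, so the bridge cannot
# forward frames to it even though brconfig lists it as a port.
members_without_config() {
    for ifn in $(bridge_members "$1"); do
        [ -f "$2/hostname.$ifn" ] || echo "$ifn"
    done
}

# missing_dhcpd_members BRIDGEFILE DHCPDFILE: members dhcpd will not listen
# on. dhcpd opens a listener per interface named in dhcpd.interfaces, and a
# broadcast request arriving on rl0 is handed to the host on rl0, not on dc0
# (the thread's tcpdump observation), so a member left out of this file
# never gets an answer.
missing_dhcpd_members() {
    for ifn in $(bridge_members "$1"); do
        grep -qx "$ifn" "$2" || echo "$ifn"
    done
}

# dhcpd_bridge_ok BRIDGEFILE DHCPDFILE: succeed only when nothing is missing.
dhcpd_bridge_ok() {
    [ -z "$(missing_dhcpd_members "$1" "$2")" ]
}

# report BRIDGEFILE DHCPDFILE ETCDIR: human-readable summary of both checks.
report() {
    for ifn in $(members_without_config "$1" "$3"); do
        echo "WARN: bridge member $ifn has no hostname.$ifn"
    done
    for ifn in $(missing_dhcpd_members "$1" "$2"); do
        echo "WARN: bridge member $ifn is not listed in $2"
    done
    if dhcpd_bridge_ok "$1" "$2"; then
        echo "OK: dhcpd listens on every member of $1"
    fi
}

report "$ETC/bridgename.bridge0" "$ETC/dhcpd.interfaces" "$ETC"
report "$ETC/bridgename.bridge0" "$ETC/dhcpd.interfaces.fixed" "$ETC"
```

The first report flags dc1, dc2 and rl0 as unlisted, which matches the symptom in the thread (requests visible with tcpdump on rl0, never answered); the second, using the corrected dhcpd.interfaces, passes. Point the three functions at the real /etc files to run the same check on a live router.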



Re: throwing out the switch

2006-04-09 Thread Jeff Quast
On 4/9/06, Mark Pecaut <[EMAIL PROTECTED]> wrote:
> Sorry if I missed something you mentioned before but what exactly are
> you trying to do?
>
> I've used bridges several times before and it sounds like you are
> doing the right stuff (there is not much to do).

It seemed easy enough, I just was not getting the expected behavior.

> The rule is
> generally that if you want your host to connect two physically
> separate networks that are on the same subnet, use a bridge.  For
> example, an ISP assigns you 8 IPs and you want to use them all but
> want a common firewall in front of them all but don't want nat.
>
> If you want to nat or otherwise connect two subnets together, that is
> when you need routing and ip forwarding on.
>
> Can you give some information on how you want to connect everything
> and the problem/goal?  I'd be happy to help if I can.
>
> -mark

Previously, this machine performed NAT with two NIC's.

One NIC to the ISP, the other NIC to a switch to serve a few clients.

The machine was upgraded, with several more NIC's. I thought I would
take the switch out (hence the subject), and have the clients connect
directly to the NIC's instead. There are currently only 2 clients,
anyway.

I put all but the external NIC on a bridge. I thought I would post because
I might have had the wrong idea about what a bridge would be used for.

I will just have to give it another shot when my cd's arrive.

>
> On 4/9/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
> > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote:
> > > > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > > > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > > > > I've been using openbsd+pf for a router for some time at a neighbor's
> > > > > > house. The router has been upgraded and now has several NIC's.
> > > > > >
> > > > > > I'd like to use multiple interfaces with crossover cables instead of a
> > > > > > single interface with a switch behind it for the internal network, how
> > > > > > would this best be done? I attempted to bridge all of the internal
> > > > > > interfaces, but I don't think this would do what I need it to, since a
> > > > > > bridge can't have an IP address, and it did not appear to work.
> > > > >
> > > > > You could bridge them - this would be the classical 'switch' solution.
> > > > > How to get this done is another question.
> > > >
> > > > dc0 was the classic internal interface running dhcpd. I kept that
> > > > interface as-is.
> > > >
> > > > I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> > > >
> > > > I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> > > > settings, like add dc0 add dc1, etc.
> > > >
> > > > brconfig showed bridge0 as it probably should appear. MAC addresses of
> > > > each client were listed on the proper port.
> > >
> > > That looks good.
> > >
> > > > dhcpd would not respond to client requests. I could use tcpdump on,
> > > > say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
> > > > IP addresses set manually, a client on dc2 could not ping a client of
> > > > the same subnet on dc1, etc. I assumed the bridge did not do what I
> > > > thought it was supposed to do, and dropped it.
> > >
> > > Hmm, someone else will have to debug that. It'd probably be the
> > > easiest/best solution, but I've never configured a bridge.
> > >
> > > > So I assigned each NIC an IP address of *.1, .2, .3, and .4.
> > > >
> > > > I assumed with IP forwarding, a client connected to the .4 NIC could
> > > > reach the .1 NIC. I was wrong with that as well.
> > > >
> > > > I enabled the bridge again with the internal NIC's having an IP
> > > > assigned. A client connected to the .4 NIC still could not reach .1, or
> > > > a client connected to .1.
> > >
> > > Have you set net.inet.ip{,6}.forwarding?
> >
> > Yes of course, it has been performing as a router for a while now with
> > a single NIC for the local network. I did double-check it when I saw
> > that behavior, though, and it is set.
> >
> > >
> > > > > The other solution is to run it as a classical router serving a lot of
> > > > > /32 subnets.
> > > > >
> > > > > Exactly what do you have problems with?
> > > >
> > > > I am guessing I did something fundamentally wrong here?
> > >
> > > Probably, but what? ;-)
> > >
> > > Joachim
> > >
> > >
> >
> > Thanks for your help, Joachim. I'll do a fresh install and try again
> > when my 3.9 cd's arrive. Maybe I have stale configurations somewhere.
> >
> > I have a very difficult time finding anybody on mail archives or
> > google doing something similar. The only information I can find is for
> > transparent firewalls.
> >
> > Does anybody have a link of somebody performing something similar?



Re: throwing out the switch

2006-04-09 Thread Jeff Quast
On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote:
> > On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > > I've been using openbsd+pf for a router for some time at a neighbor's
> > > > house. The router has been upgraded and now has several NIC's.
> > > >
> > > > I'd like to use multiple interfaces with crossover cables instead of a
> > > > single interface with a switch behind it for the internal network, how
> > > > would this best be done? I attempted to bridge all of the internal
> > > > interfaces, but I don't think this would do what I need it to, since a
> > > > bridge can't have an IP address, and it did not appear to work.
> > >
> > > You could bridge them - this would be the classical 'switch' solution.
> > > How to get this done is another question.
> >
> > dc0 was the classic internal interface running dhcpd. I kept that
> > interface as-is.
> >
> > I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> >
> > I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> > settings, like add dc0 add dc1, etc.
> >
> > brconfig showed bridge0 as it probably should appear. MAC addresses of
> > each client were listed on the proper port.
>
> That looks good.
>
> > dhcpd would not respond to client requests. I could use tcpdump on,
> > say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
> > IP addresses set manually, a client on dc2 could not ping a client of
> > the same subnet on dc1, etc. I assumed the bridge did not do what I
> > thought it was supposed to do, and dropped it.
>
> Hmm, someone else will have to debug that. It'd probably be the
> easiest/best solution, but I've never configured a bridge.
>
> > So I assigned each NIC an IP address of *.1, .2, .3, and .4.
> >
> > I assumed with IP forwarding, a client connected to the .4 NIC could
> > reach the .1 NIC. I was wrong with that as well.
> >
> > I enabled the bridge again with the internal NIC's having an IP
> > assigned. A client connected to the .4 NIC still could not reach .1, or
> > a client connected to .1.
>
> Have you set net.inet.ip{,6}.forwarding?

Yes of course, it has been performing as a router for a while now with
a single NIC for the local network. I did double-check it when I saw
that behavior, though, and it is set.

>
> > > The other solution is to run it as a classical router serving a lot of
> > > /32 subnets.
> > >
> > > Exactly what do you have problems with?
> >
> > I am guessing I did something fundamentally wrong here?
>
> Probably, but what? ;-)
>
> Joachim
>
>

Thanks for your help, Joachim. I'll do a fresh install and try again
when my 3.9 cd's arrive. Maybe I have stale configurations somewhere.

I have a very difficult time finding anybody on mail archives or
google doing something similar. The only information I can find is for
transparent firewalls.

Does anybody have a link of somebody performing something similar?



Re: throwing out the switch

2006-04-09 Thread Joachim Schipper
On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote:
> On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > > I've been using openbsd+pf for a router for some time at a neighbor's
> > > house. The router has been upgraded and now has several NIC's.
> > >
> > > I'd like to use multiple interfaces with crossover cables instead of a
> > > single interface with a switch behind it for the internal network, how
> > > would this best be done? I attempted to bridge all of the internal
> > > interfaces, but I don't think this would do what I need it to, since a
> > > bridge can't have an IP address, and it did not appear to work.
> >
> > You could bridge them - this would be the classical 'switch' solution.
> > How to get this done is another question.
> 
> dc0 was the classic internal interface running dhcpd. I kept that
> interface as-is.
> 
> I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.
> 
> I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
> settings, like add dc0 add dc1, etc.
> 
> brconfig showed bridge0 as it probably should appear. MAC addresses of
> each client were listed on the proper port.

That looks good.

> dhcpd would not respond to client requests. I could use tcpdump on,
> say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
> IP addresses set manually, a client on dc2 could not ping a client of
> the same subnet on dc1, etc. I assumed the bridge did not do what I
> thought it was supposed to do, and dropped it.

Hmm, someone else will have to debug that. It'd probably be the
easiest/best solution, but I've never configured a bridge.

> So I assigned each NIC an IP address of *.1, .2, .3, and .4.
> 
> I assumed with IP forwarding, a client connected to the .4 NIC could
> reach the .1 NIC. I was wrong with that as well.
> 
> I enabled the bridge again with the internal NIC's having an IP
> assigned. A client connected to the .4 NIC still could not reach .1, or
> a client connected to .1.

Have you set net.inet.ip{,6}.forwarding?

> > The other solution is to run it as a classical router serving a lot of
> > /32 subnets.
> >
> > Exactly what do you have problems with?
> 
> I am guessing I did something fundamentally wrong here?

Probably, but what? ;-)

Joachim



Re: throwing out the switch

2006-04-09 Thread Jeff Quast
On 4/9/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:
> > I've been using openbsd+pf for a router for some time at a neighbor's
> > house. The router has been upgraded and now has several NIC's.
> >
> > I'd like to use multiple interfaces with crossover cables instead of a
> > single interface with a switch behind it for the internal network, how
> > would this best be done? I attempted to bridge all of the internal
> > interfaces, but I don't think this would do what I need it to, since a
> > bridge can't have an IP address, and it did not appear to work.
>
> You could bridge them - this would be the classical 'switch' solution.
> How to get this done is another question.

dc0 was the classic internal interface running dhcpd. I kept that
interface as-is.

I set dc1, dc2, and rl0 as (only) "up" in their hostname.if files.

I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default
settings, like add dc0 add dc1, etc.

brconfig showed bridge0 as it probably should appear. MAC addresses of
each client were listed on the proper port.

dhcpd would not respond to client requests. I could use tcpdump on,
say, rl0 and see the dhcpd requests, but I did not see it on dc0. With
IP addresses set manually, a client on dc2 could not ping a client of
the same subnet on dc1, etc. I assumed the bridge did not do what I
thought it was supposed to do, and dropped it.

So I assigned each NIC an IP address of *.1, .2, .3, and .4.

I assumed with IP forwarding, a client connected to the .4 NIC could
reach the .1 NIC. I was wrong with that as well.

I enabled the bridge again with the internal NIC's having an IP
assigned. A client connected to the .4 NIC still could not reach .1, or
a client connected to .1.

> The other solution is to run it as a classical router serving a lot of
> /32 subnets.
>
> Exactly what do you have problems with?

I am guessing I did something fundamentally wrong here?

> Joachim