DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th May 2016
Ghost3d Ghost3d is offline
Real Name: William Haynes
Ghost3d
 
Join Date: Apr 2009
Posts: 2
Question FreeBSD on Rasperi/Bananna-Pi for router?

So I'm about to purchase a Rasberry/Bananna Pi device to upgrade some features in my network routing. The thing is I'm concerned because there is only one NIC [Gigabit]. I was thinking either pump traffic in and back out [assigning 2 ip's to that one nic] of or just make a virtual nic for traffic routing and point inward/outward traffic to its destination...
The Pi device is then plugged into the switch and wa-la.

Ok so my traffic peaks at about 10-12MB/s at the WAN side, my question is which setup would most likely give me the best performance [basically no reduction] for routing traffic? I'll be running pf, and wifi for an AP. I think the quad core arm with that Gb-nic is plenty of power, I'm just curious about the software setup being the bottle neck. It may not even put a dent in it but I thought I would get some opinions. If you have a totally different idea I'm up for hearing it.

Any hits would be greatly appreciated

Ghost
__________________
Support Free and Open Software: Join a Linux/BSD Users Group.

LinuxCompound.com
Reply With Quote
  #2   (View Single Post)  
Old 7th May 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,562
Default

Hello, and welcome!

I don't know anything about the various Raspberry products, but if the models have both a wired NIC and a wireless NIC, they can act as routers between a wired subnet and a WiFi subnet.

If you want to route wired Ethernet, then a single NIC does not a router make, unless you implement a vlan(4) based infrastructure, and route via individual VLANs.

VLAN - IEEE 802.1Q - requires a central backbone device called, quite subtly, a managed switch. Unless your switch is in this class, you'll need to use a computer with at least two NICs. Managed switches come with administration and provisioning tools, so you would know if yours was in this class.
Reply With Quote
  #3   (View Single Post)  
Old 7th May 2016
Ghost3d Ghost3d is offline
Real Name: William Haynes
Ghost3d
 
Join Date: Apr 2009
Posts: 2
Thumbs up

Thank you,

I'm new to this raspi thing, but I'm a Linux Desktop user and primarily FreeBSD for serving little LAN projects.

On this topic maybe I'm missing something, I looked up aliases and understand that an alias requires a different subnet which is perfect, as well as giving me a second network interface listing in ifconfig. So what is not allowing me to route from rl0 (Pub-IP)--->rl0_alias (10.0.0.1)?

example

WORLD--->MODEM--->SWITCH--->rl0 [RasPi] Public IP --->rl0_alias (10.0.0.1) --->switch


Ex idea for Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGS 0 49378 xl0
127.0.0.1 127.0.0.1 UH 0 6 lo0
10.0.0/24 link#1 UC 0 0 xl0
192.168.1/24 link#2 UC 0 0 xl0_alias

If there is something fundamentally disallowing packets to be passed through the alias, I could understand, I just thought a situation similar to this might work. If not I can always use a USB NIC, I was just going for efficiency.
__________________
Support Free and Open Software: Join a Linux/BSD Users Group.

LinuxCompound.com
Reply With Quote
  #4   (View Single Post)  
Old 8th May 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,562
Default

Quote:
Originally Posted by Ghost3d View Post
Thank you,

I'm new to this raspi thing, but I'm a Linux Desktop user and primarily FreeBSD for serving little LAN projects.
I don't know anything about Raspberry platforms, and don't use Linux or FreeBSD. So all guidance here just comes from general Ethernet and TCP/IP networking knowledge.
Quote:
...I looked up aliases and understand that an alias requires a different subnet...
An alias address is just an extra IP address that a NIC will answer to. An individual NIC may have multiple aliases. Dozens. Hundreds. Thousands.

All an alias address will do is cause the NIC to respond to any Address Resolution Protocol ("ARP") query broadcast for that IP address on the local Ethernet segment.
Quote:
...giving me a second network interface listing in ifconfig...
While you may have an "alias" assignment variable for your rc.conf(8) configuration file, this isn't a separate NIC. It is an merely an additional IP address the NIC will respond to.

In your post, you show a topology where two subnets share the same physical Ethernet segment, from the Modem (your ISP gateway router) to every device. There is no isolation between subnets -- they all share the same Ethernet network.

If you're planning to use this new device as a firewall, with set policies to enforce, your device and its policies can be bypassed merely by someone changing a device's IP address from one subnet to the other -- from an address on the 10.0.0.0/24 "inner" subnet to an address on the 192.168.1/24 "outer" subnet. That's all it takes to bypass your device.

The VLAN technology I mentioned in my post above is quite different -- untagged (standard Ethernet) ports assigned to unique VLANs on the switch are on separate Ethernet segments. Traffic is physically isolated.
Reply With Quote
  #5   (View Single Post)  
Old 9th May 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,562
Default

I'm returning to this thread because there was a discussion a couple of years ago in this forum regarding multiple subnets on the same Ethernet segment. http://daemonforums.org/showthread.php?t=8528

Man page links within are broken -- every reference now refers to chmod(2), which is unhelpful, but if you ignore those references, the rest of the discussion may be helpful.

Last edited by jggimi; 9th May 2016 at 11:57 PM. Reason: typo
Reply With Quote
Reply

Tags
bananna pi, firewall, freebsd, pf, rasberry pi

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cable modem + router + FreeBSD Beastie FreeBSD General 2 24th June 2009 07:58 AM
FreeBSD as firewall/router on VMware ESXi Bruco FreeBSD General 12 6th December 2008 08:37 PM
Decision for FreeBSD router bichumo General software and network 3 3rd July 2008 07:33 PM
Where to go for specific freebsd router problems? borngeniusat1974 FreeBSD General 3 19th June 2008 11:21 PM
Router - recommendations for FreeBSD? ClaptonOrient FreeBSD General 17 12th June 2008 06:12 PM


All times are GMT. The time now is 09:41 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick