  #1   (View Single Post)  
Old 28th May 2008
AlexV AlexV is offline
New User
 
Join Date: May 2008
Location: Romania
Posts: 3
Default 2 external NIC + 1 internal NIC

Hi all.
Recently I have upgraded my server... 2xHDD Seagate, 1 AMD SEMPRON x64 CPU, 2 GB DDR2-800 RAM, MB ASUS M2N-MX SE Plus with RAID onboard. This configuration is more than OK for my needs.
I have installed F-BSD 7.0 amd64 without any problems, and it surprised me because it recognised the integrated SATA RAID controller in RAID 0 (striping).

But the problems begin with the NIC cards. I put three NICs into my server:
1. external 3Com 3C905B-TX with first public IP. (IP_A)
2. external 3Com 3C905B-TX with second public IP. (IP_B)
3. onboard NIC (Nvidia) with internal IP (IP_C).

I need two external NICs because I have two separate domains and I don't like to make an alias on the external NIC. And for IP_B I want to forward to the LAN for some services.
IP_A must serve only the local servers ... like ftp, http, dns, ssh and so on.

PROBLEMS:

a. even if both NICs are reported to be active by ifconfig commands, only one responds to pings from an external IP; I don't have any rule in the firewall which blocks ICMP;
b. from the LAN, both NICs respond to pings without any problems;
c. I tried to set up an alias (in rc.conf I put this line: ifconfig_xl0_alias0="inet ip_B netmask mask_for_IP_B") on the NIC that responds from the WAN, but without results; IP_B does not respond to ping while IP_A responds very well;
d. my ISP says that both IPs are functional, with MAC addresses correctly registered;

Can anyone help me resolve these problems, because I'm stuck... I don't have any idea how to... and I don't find any similar topics when I search on Google.

Thank you.
Alex.
Reply With Quote
  #2   (View Single Post)  
Old 29th May 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

You can't have two physical interfaces connected to the same physical network using IPs in the same subnet. IP networking just won't work in that setup.

If you absolutely must use both NICs to serve your two IPs, then consider using lagg(4) to link the two physical NICs into a single virtual NIC and assigning your IPs to that.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
  #3   (View Single Post)  
Old 29th May 2008
jleal jleal is offline
Real Name: Chuy
Port Guard
 
Join Date: May 2008
Location: Boca del Rio
Posts: 11
Default elegant solution!

Yes, lagg is an elegant solution; I am going to implement it soon. You can also read http://groups.google.ru/group/mailing.freebsd.ipfw/msg/9c440f25ee774686

Please tell us what you finally did!!!!


thanks
Reply With Quote
  #4   (View Single Post)  
Old 29th May 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

Are the two public IPs on the same subnet?
I don't know how lagg(4) will go if your upstream link is more complex than two-ports-on-a-switch. For instance, the lagg interface only grabs one ip address.

The other option is to configure and run routed, the routing daemon. It deals with deciding what interface to send packets out to, when there are multiple 'correct' answers, when a 'default route' no longer makes sense, based on things like 'metrics'. Scary stuff - I'm glad I've never had to deal with it.

I also do not know if routed would work where the two interfaces are on one subnet. Use lagg for that, if you can....
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 29th May 2008 at 05:42 AM. Reason: clarifying
Reply With Quote
  #5   (View Single Post)  
Old 30th May 2008
AlexV AlexV is offline
New User
 
Join Date: May 2008
Location: Romania
Posts: 3
Default

Hi all.
Yes, my two external public IPs are from the same network and have the same subnet mask and the same broadcast.
I experienced a similar configuration at the company I work for. There I have a mail server (KOLAB installed over FreeBSD 6.1), with two NICs and two different public IPs. Both IPs are provided by the ISP and are from the same network, with the same subnet and the same broadcast. All works fine and both IPs are visible from the internet and from the company LAN.
LAGG is a wonderful solution for failover with one IP, but for me it is useless at this moment.
I need to have both IPs independently visible from the internet. Something like this:
- Public_IP_A Domain_A
- Public_IP_B Domain_B
What is interesting is that both IPs are reachable from the LAN ... if IP networking doesn't work fine with this setup, there should be the same problem from the LAN.

BTW: You should take a look at www.kolab.org which is an excellent replacement for Exchange and is absolutely free. Thank you guys for your excellent work.
Reply With Quote
  #6   (View Single Post)  
Old 31st May 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

It depends on your ifconfig rc.conf lines.

In the past, the system has refused to accept two interfaces on the same network, or just acted up - I'm not quite sure how.

It seems that now it simply disables output on one interface. The user used to do this by setting the subnet on one interface to 255.255.255.255.

The contents of your rc.conf file, and the output of ifconfig would help us understand your precise situation, but I doubt it would help us make suggestions.

Personally, I'd remove the 'default router' setting and run routed. I don't know if it would work, though.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Reply With Quote
  #7   (View Single Post)  
Old 2nd June 2008
hamba hamba is offline
Fdisk Soldier
 
Join Date: Apr 2008
Posts: 71
Default

I just found ng_fec; have a look at the man page ng_fec(4).

You can link up to 8 interfaces to become one interface called fec0.

I've never done this but maybe it's what you're looking for.

Last edited by hamba; 2nd June 2008 at 04:53 PM.
Reply With Quote
  #8   (View Single Post)  
Old 4th June 2008
AlexV AlexV is offline
New User
 
Join Date: May 2008
Location: Romania
Posts: 3
Default

Hello all
I'm still stuck....
Resuming, I have two external NICs. Both have routable IPs from the same network with the same subnet mask.
Each one must serve one domain.
Only one is visible from the net.
Both are visible from the LAN.
There are no rules in the firewall to block ICMP.
Only one is used for routing.

Here is a portion of my rc.conf

#-----------------------#

defaultrouter="ISP_gateway_IP"
gateway_enable="YES"
hostname="ns.my_domain.ro"
#
ifconfig_xl0="inet IP_EXTERNAL_1 netmask 255.255.254.0"
ifconfig_rl0="inet IP_EXTERNAL_2 netmask 255.255.254.0"
ifconfig_nfe0="inet IP_TO_INTERNAL_LAN netmask 255.255.255.0"
#
named_enable="YES"
#
firewall_enable="YES"
firewall_type="simple"
firewall_logging="YES"
#
natd_enable="YES"
natd_interface="xl0"
natd_flags="-dynamic -m -u -f /etc/natd.conf"

NB: I attached an image with my home LAN topology.
Attached Images
File Type: jpg net.jpg (23.1 KB, 79 views)
Reply With Quote
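
The condition discussed in this thread (two physical interfaces configured with addresses in the same subnet), as an added example that is not part of any post: a Python check that parses `ifconfig_<if>` lines from rc.conf-style text and reports networks configured on more than one interface. The sample addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Matches rc.conf lines such as: ifconfig_xl0="inet 203.0.113.10 netmask 255.255.254.0"
# and alias lines such as: ifconfig_xl0_alias0="inet ... netmask ..."
IFCONFIG_RE = re.compile(
    r'^ifconfig_(?P<ifname>[a-z]+\d+)(?:_alias\d+)?='
    r'"inet\s+(?P<addr>\S+)\s+netmask\s+(?P<mask>\S+)[^"]*"\s*$'
)

def parse_interfaces(rc_conf_text):
    """Return a list of (interface name, IPv4Interface) found in rc.conf text."""
    found = []
    for line in rc_conf_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = IFCONFIG_RE.match(line)
        if not m:
            continue
        try:
            iface = ipaddress.IPv4Interface(f"{m['addr']}/{m['mask']}")
        except ValueError:
            continue  # placeholder or malformed address: skip it
        found.append((m["ifname"], iface))
    return found

def shared_subnets(rc_conf_text):
    """Map each network to its interfaces, keeping only networks that
    are configured on more than one physical interface."""
    by_net = defaultdict(set)
    for ifname, iface in parse_interfaces(rc_conf_text):
        by_net[iface.network].add(ifname)
    return {str(net): sorted(ifs) for net, ifs in by_net.items() if len(ifs) > 1}

# Constructed sample mirroring the layout posted in the thread.
SAMPLE_RC_CONF = '''
defaultrouter="203.0.113.1"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.254.0"
ifconfig_rl0="inet 203.0.113.20 netmask 255.255.254.0"
ifconfig_nfe0="inet 192.168.1.1 netmask 255.255.255.0"
'''

if __name__ == "__main__":
    for net, ifs in shared_subnets(SAMPLE_RC_CONF).items():
        print(f"{net}: configured on {', '.join(ifs)}")
```

An alias on the same interface is not reported, because only networks that span more than one interface name are kept.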