I was expecting replies to come back from freebsd-net@freebsd.org, so I didn't see your response until now. I want to keep the two networks separate, so I don't want to bridge the internal and external directly. Besides, since I have more machines than available IPs, I would have to assign the internal-only machines to addresses that may not be available. I want to avoid such addressing overlaps.
Your other method is that I keep NAT on the internal interface as normal, and then create VLANs, bridged to the external interface, to each computer with an external IP. Those machines would communicate as normal on the internal network, but use the VLAN interface for external access. I've not used VLANs before, so I don't know exactly how they work. I know the wrapper causes some overhead, and my switch drops packets >1500 bytes. Do I have to lower the MTU on the internal network, or just the VLANs and external? Also, will my ISP know not to send the larger packets?

-----Original Message-----
From: Jeremie Le Hen [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 23, 2006 5:48 AM
To: Raymond Wagner
Cc: freebsd-net@freebsd.org
Subject: Re: Virtual Network Interfaces

Raymond,

On Sun, Oct 22, 2006 at 06:01:03PM +0200, Jeremie Le Hen wrote:
> On Mon, Oct 16, 2006 at 02:12:47AM -0400, Raymond Wagner wrote:
> > My ISP provides me up to 5 dynamically assigned addresses out of a /20 block. I have more than 5 machines on my network, so I have no choice but to run NAT; however, I would like to force two of those machines onto their own external addresses. If I had static addresses, I could simply alias the addresses into the external interface and then use "binat" in pf to redirect the traffic. However, the addresses have to be requested from the DHCP server, and expire after 4 hours.
> >
> > I can get this to work by running the NAT function under QEMU and just giving the virtual machine several interfaces bridged to the physical external interface. Running a VM is far from ideal. Is there any way I could set up a virtual network interface that could be bridged to the true interface and grab its own DHCP address?
>
> I don't know if that works, but I would try the following setup.
> Supposing you have two physical interfaces, an external one (ext0) and an internal one (int0), I would create a VLAN on int0 for each machine which has to have its own public address (vlan1 and vlan2) and bridge { ext0, vlan1, vlan2 }.

I thought of another way this morning in my bathroom, which is far neater, though I've not tested it. First use if_bridge(4) to mingle ext0 and int0, then use the MAC addresses to let through but the machines that are supposed to have a public IP address; the others will have to use your FreeBSD as a default gateway.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
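An added example, not from either poster, of the VLAN-per-host bridge layout Jeremie proposes and Raymond asks about, as a FreeBSD shell script. The interface names ext0/int0 follow the thread; the VLAN ids, the dry-run/apply switch, the pfil_member sysctl and the MTU rule (taken from vlan(4): a parent without the VLAN_MTU capability gets a 4-byte smaller vlan MTU) are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): emit the ifconfig(8) commands for the
# VLAN-per-host bridge layout discussed above. ext0/int0 and the VLAN ids
# are assumptions; real names come from `ifconfig -l`.
# Usage: sh vlan-bridge.sh         -> print the commands (dry run)
#        sh vlan-bridge.sh apply   -> run them (root on FreeBSD)

EXT=ext0         # interface facing the ISP (the NAT box DHCPs here itself)
INT=int0         # interface facing the LAN switch (carries tagged VLANs)
VLAN_IDS="1 2"   # one 802.1Q id per machine that needs its own public IP

# Print the commands that create vlan<id> on $INT for every id given and
# bridge them with $EXT; each bridged host then DHCPs its own ISP address
# while the rest of the LAN keeps using the NAT box as default gateway.
vlan_bridge_cmds() {
    ext=$1; int=$2; shift 2
    members="addm $ext"
    for id in "$@"; do
        echo "ifconfig vlan$id create vlandev $int vlan $id up"
        members="$members addm vlan$id"
    done
    echo "ifconfig bridge0 create"
    # Keep pf(4) filtering on each member interface so the bridged hosts'
    # traffic still passes the firewall rules on the FreeBSD box.
    echo "sysctl net.link.bridge.pfil_member=1"
    echo "ifconfig bridge0 $members up"
}

# 802.1Q adds a 4-byte tag. Per vlan(4), a parent NIC with the VLAN_MTU
# capability keeps a 1500-byte MTU on the vlan interface; without it the
# vlan MTU drops to 1496 so a tagged frame still carries no more than 1500
# bytes, which is what a switch that drops >1500-byte frames needs.
vlan_mtu() {
    parent_mtu=$1; has_vlan_mtu=$2   # has_vlan_mtu: 1 if ifconfig lists VLAN_MTU
    if [ "$has_vlan_mtu" = 1 ]; then
        echo "$parent_mtu"
    else
        echo $((parent_mtu - 4))
    fi
}

if [ "$1" = apply ]; then
    vlan_bridge_cmds "$EXT" "$INT" $VLAN_IDS | sh -e
else
    vlan_bridge_cmds "$EXT" "$INT" $VLAN_IDS
fi
```

Only the hosts whose switch ports are in the tagged VLANs end up on the bridge; the internal interface itself stays off it, so the two networks remain separate as the thread wants.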