On Fri, Mar 03, 2006 at 03:09:17PM -0600, Harry Putnam wrote:
> I'm not sure which way to jump with this question which is a
> reflection of unskilled, inexperienced networking background.
>
> This may not even be the right way to do it.
>
> First: This is all something of a training exercise and not
> an important production setup.
>
> Summary:
> I'm attempting to add a second nic and address on a machine running
> current. I also run an authoritative nameserver on a separate machine
> not running bsd but running bind-9.3.2. So this problem may slop over
> into the named setup on a gentoo linux box.
>
> A simple diagram will convey more than a description: The prefix to all
> displayed IPs is 192.168, but be aware it is simplified ... there are
> more machines involved.
>
>                    INTERNET
>                       | (Dynamic IP)
>                       |
>                    NETGEAR (consumer grade router FVS-318)
>                       | 0.20
>   --------------------------------------------------
>   | 0.4           | 0.3           | 0.5           | 0.19
>   |               |               |               |
> [ m1 ]          [ m2 ]          [ m3 ]          [ m4 ]
>   | 1.2                                           | 1.1
>   |________________ Unswitched hub ________________|
>
> So the far right (m4) is the obsd machine and is sent copies of all
> connections that come to NETGEAR. All incoming on that intface is
> blocked and logged (0.19). Out on that int_fc is passed keeping
> state.
>
> In and out are passed with no restrictions on 1.1. This line
> in /etc/sysctl.conf is not uncommented nor is it set manually.
> # net.inet.ip.forwarding=1 # 1=Permit [...]
>
> I've tried to set this up all under one domain so my network would end
> up 192.168/16 all under `local.lan'. I'm not sure that is the best
> way to go but it seemed to be easier to setup bind on the other computer
> this way. Or I should say I lacked examples for doing it. While going
> net/16 is similar to the examples in `DNS and Bind 4th. ed'.
>
> /etc/hostname.* look like:
> /etc/hostname.rl0                /etc/hostname.xl0
> 192.168.0.19 255.255.0.0         192.168.1.1 255.255.0.0
>
> /etc/mygate
> 192.168.0.20
>
> So how do I keep stuff from happening like firing up
> `lynx www.google.com' and not being able to connect because
> 192.168.1.1 tries to handle it?
>
> I think I'm missing specific routing for 1.1.

Well, I am not sure exactly what you are trying to do, but getting 1.1
to talk to 1.2 might be somewhat interesting. Nothing too bad, but not
exactly simple either.

It's usually better to divide into subnets. /24 is the standard, and
plenty big enough for any home LAN. This makes routing tables less
complicated (for instance, the NetGear would need a /32 route entry for
both 1.1 and 1.2, as would 0.4 and 0.19; this would be more elegantly
solved by reserving 192.168.1.0/24 for the whole net behind 0.4 and
192.168.2.0/24 for the whole net behind 0.19; 192.168.0.0/24 is then
the network that is directly attached to the NetGear).

Of course, all this presumes that the NetGear allows proper manipulation
of routing tables, which should be the case but may not be.

Joachim
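
An added example, not part of the original thread or written by either poster: a simplified longest-prefix model showing why the two interfaces posted with a 255.255.0.0 netmask compete for every 192.168 destination, while the /24 split suggested in the reply does not. Assumptions: 192.168.2.1 is a constructed address for the second interface, rl0 is taken to carry the default route because /etc/mygate points at 192.168.0.20, and the function names are illustrative.

```python
import ipaddress

# Addresses and netmasks as posted in /etc/hostname.rl0 and /etc/hostname.xl0.
ORIGINAL = {"rl0": ("192.168.0.19", "255.255.0.0"),
            "xl0": ("192.168.1.1", "255.255.0.0")}

# The /24 split from the reply. 192.168.2.1 is a constructed address for
# the interface facing the net behind 0.19; the thread does not give one.
SUBNETTED = {"rl0": ("192.168.0.19", "255.255.255.0"),
             "xl0": ("192.168.2.1", "255.255.255.0")}


def connected_networks(ifaces):
    """Return {interface: directly attached network} from address/netmask pairs."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, (addr, mask) in ifaces.items()}


def overlapping_pairs(ifaces):
    """List interface pairs whose attached networks overlap."""
    nets = connected_networks(ifaces)
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def egress_candidates(ifaces, default_if, dest):
    """Interfaces that a longest-prefix lookup could pick for dest.

    More than one name means the connected routes tie and the choice is
    ambiguous; no connected match falls through to the default route.
    """
    dest = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name)
               for name, net in connected_networks(ifaces).items()
               if dest in net]
    if not matches:
        return [default_if]
    longest = max(plen for plen, _ in matches)
    return sorted(name for plen, name in matches if plen == longest)


if __name__ == "__main__":
    for label, cfg in (("original /16", ORIGINAL), ("subnetted /24", SUBNETTED)):
        print(label, "overlaps:", overlapping_pairs(cfg))
        for dest in ("192.168.0.20", "203.0.113.10"):
            print("  ", dest, "->", egress_candidates(cfg, "rl0", dest))
```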