Routing into overlapping subnets

Christian Ullrich chris at chrullrich.net
Thu Feb 18 05:31:56 UTC 2010


* Steve Bertrand wrote:

> On 2010.02.17 16:42, Christian Ullrich wrote:

>> send the packet. Why doesn't the kernel look up an ARP table entry by
>> both IP address and interface?
>
> That's not how the protocols were designed, and thankfully so. Imagine
> the potential for spoofing if this were allowed by default ;)

You're right, of course. I had not considered that.

> I have a couple of ideas, but need to understand your setup better.
> Advise if this seems semi-accurate:
>
> - you house global resources for a bunch of clients at a central location
> - you have limited public IP addresses to do this with, or your central
> location is located within the same 'building' as all of the clients

The latter.

> - you have several clients with overlapping 1918 space
> - you need a method to have two instances of eg 192.168.1.110 accessing
> a single central resource, but which will be coming in on two separate
> interfaces (physical or virtual)
> - the central service (ie printer) doesn't have the capability to house
> more than a single IPv4 address
> - you do not want to be open to the potential for one client accessing
> the others' networks
> - you have absolute control over the pf box
>
> is this right?

Exactly right.

-- 
Christian
