Topic: 1 NIC 2 Different IPs

Hi,

Is it ok/allowable to bind 2 IP addresses to a single NIC where one is the External Public IP and the other is the Internal Private IP?

For instance on eth0:
   192.168.1.5 and 66.207.yy.zz


Or do you need separate NICs?

Re: 1 NIC 2 Different IPs

chazz wrote:

Is it ok/allowable to bind 2 IP addresses to a single NIC where one is the External Public IP and the other is the Internal Private IP?

For instance on eth0:
   192.168.1.5 and 66.207.yy.zz


Or do you need separate NICs?

See the manpage for ifconfig(8), & look at the alias option:

alias   Establish an additional network address for this interface.  This
         is sometimes useful when changing network numbers, and one wishes
         to accept packets addressed to the old interface.    If the address
         is on the same subnet as the first network address for this
         interface, a non-conflicting netmask must be given.  Usually
         0xffffffff is most appropriate.

http://www.freebsd.org/cgi/man.cgi?quer … ormat=html

Last edited by ocicat (2008-09-24 23:02:25)

Re: 1 NIC 2 Different IPs

I'm curious to know how that's actually going to work - by that I mean, what's the other end of the RJ45 connected to? What's the network layout?

I'm failing to understand how you're going to implement a WAN and LAN connection on one card (and I'm not saying it's impossible - rather that I don't see how to do it).

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: 1 NIC 2 Different IPs

I'm not 100% sure myself; I've been tasked with setting up a 1/4 cabinet.

So far I have the WAN line, which gets dropped in with the external IPs, and then the servers will/should have an internal 192.168 IP.
The concept is that PF will be running and the firewall would need to have both; by the last post, I assume different NICs are in order.

What about different switches? Would I need one for external and one for internal?


line drop->external f.w. switch->external f.w. nic

internal firewall nic->internal f.w. switch


..more than open for comments smile

Re: 1 NIC 2 Different IPs

chazz wrote:

What about different switches? Would I need one for external and one for internal?

*  This may be one option, but you should consider what path outgoing packets will take.  Put thought into what should be the default gateway configured for the host.
*  You should also put in time considering how to harden the system exposed to external addresses.  You have created numerous backdoors someone could exploit.
*  If you do not understand why & how packets will enter & exit a multihomed host, you need to raise this matter with your superiors.

Re: 1 NIC 2 Different IPs

The external firewall could bind all the IPs; the internal boxes could use the internal fw as the gateway.

Could you post a potential backdoor(s) you see?

I hope not to say 'there are problems' without any backup to a co-worker.

Re: 1 NIC 2 Different IPs

Yeah, you'll best go with two different NICs (it can be done with just one, a switch, and packet tagging, but that's complex and error-prone). If your firewall machine is the only machine connected to the external connection, you don't need a second switch connected to the external-facing NIC.

The firewall you need to set up will be a standard NAT firewall; if you follow the standard PF recipes, you'll end up with a safe default firewall configuration.
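
The two-NIC NAT layout described in the last reply, as an added pf.conf sketch that no poster in this thread supplied. It assumes FreeBSD-style PF syntax (the older `nat on ... ->` form); the interface names `em0`/`em1` and the `/24` internal range are assumptions, not values from the thread.

```conf
# /etc/pf.conf -- added example; names and ranges below are assumptions.
ext_if  = "em0"               # assumed: NIC cabled to the WAN drop (public IPs)
int_if  = "em1"               # assumed: NIC cabled to the internal switch
int_net = "192.168.1.0/24"    # assumed internal range

# Options
set block-policy drop
set skip on lo0

# Normalization
scrub in all

# Translation: internal hosts leave with the firewall's external address.
# ($ext_if) is resolved from the addresses currently bound to that NIC,
# so the public IP does not have to be hard-coded here.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Filtering: default deny, then open only what is needed.
block log all

# Reject packets claiming an internal source on any other interface.
antispoof quick for $int_if

# Private-range sources have no business arriving on the WAN side.
block in quick on $ext_if inet from { 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 } to any

# Outbound from the firewall and from NATed internal hosts.
pass out on $ext_if inet proto { tcp udp icmp } all keep state

# Internal hosts may reach the firewall and be forwarded outward.
pass in on $int_if inet from $int_net to any keep state
```

Forwarding between the two NICs also has to be enabled on the host (on FreeBSD, `gateway_enable="YES"` in rc.conf), and `pfctl -nf /etc/pf.conf` parses the file without loading it.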