 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall and public IPs
 Date:  Wed, 30 Jun 2004 14:48:11 -0700 (PDT)
On Wed, 30 Jun 2004, Michael Sierchio wrote:
> Fred Wright wrote:
> > On Wed, 30 Jun 2004, Vincent FLEURANCEAU wrote:
> >>Go to http://m0n0-ip/exec.php and execute:
> >>
> >>/sbin/ifconfig sis0 x.x.x.A netmask alias
> >>/sbin/ifconfig sis0 x.x.x.B netmask alias
> > 
> > You don't want 32-bit netmasks, you want the appropriate netmasks for the
> > addresses.  In most cases this means the same as for the primary address.
> Fred -- you should be better informed before "correcting" someone
> else's posts.
>  From the FreeBSD ifconfig man page:
>       alias   Establish an additional network address for this interface.  This
>               is sometimes useful when changing network numbers, and one wishes
>               to accept packets addressed to the old interface.  If the address
>               is on the same subnet as the first network address for this
>               interface, a non-conflicting netmask must be given.  Usually
>               0xffffffff is most appropriate.

Oops - sorry.  But in my defense:

1) There's no logical reason for that restriction.  Assigning conflicting
netblocks to *different* interfaces is a problem because it creates a
routing ambiguity.  But as long as the "conflicts" are within a single
interface, there's no problem.

2) At one time, the FreeBSD kernel did *not* have this restriction.  One
wonders if the change was made intentionally or as an accident that was
then "fixed" in the documentation. :-)

3) Lying about the netmask (which is what this amounts to) may confuse
something else, so that restriction makes aliases even more inferior to
primary IPs than they already are for other reasons.

					Fred Wright