This document describes how to configure machines to be production workstations, experimental workstations, routers, and proxy-arp servers for FreeBSD.
In FreeBSD, you need to edit /etc/rc.conf and change (or check) the following parameters:

    ### Basic network options: ###
    # Since we're on the 137 net we can use the short name, tyagi
    hostname="tyagi"                # Set this!

    # This stuff gets set up at configuration time, just note that lo0 is
    # the loopback device, and vx0 is the real ethernet card (lots of our
    # FreeBSD machines have ed0 as their ethernet device). See
    # /usr/src/sys/i386/conf/LINT or the handbook for more information.
    network_interfaces="fxp0 lo0"   # List of network interfaces (lo0 is loopback).

    # There are ifconfig lines for every network_interface, in this case, fxp0.
    # The inet keyword specifies the next argument is the IP address.
    # Similarly for netmask.
    ifconfig_fxp0="inet 22.214.171.124 netmask 255.255.0.0"
    ...
    ### Network routing options: ###
    # You can only specify an address for the default router here.
    defaultrouter="126.96.36.199"   # Set to default gateway (or NO).

    # Make sure that both gateway_enable and router_enable are NO
    gateway_enable="NO"             # Set to YES if this host will be a gateway.
    router_enable="NO"              # Set to YES to enable a routing daemon.

Consider the example of goober134, a FreeBSD machine on the 134 subnet, with daffy134 as its router. Its /etc/rc.conf should have the following lines:

    ### Basic network options: ###
    # Use the 134 name to match the 134 subnet address.
    hostname="goober134"

    # The ethernet device is ed0, goober's IP address is 188.8.131.52 and
    # we are using a 24 bit netmask.
    ifconfig_ed0="inet 184.108.40.206 netmask 255.255.255.0"
    ...
    ### Network routing options: ###
    # Daffy has at least two interfaces, non-134 packets get routed to its
    # 139 address.
    defaultrouter="220.127.116.11"

Sam is currently our proxy-arp machine for our 152.2 subnets. We will be working on a proxy-arp for our 152.19 subnets soon.
Create a file that associates IP addresses with the hardware address of the appropriate router's interface to the department and use "arp -f" to read the file in at system startup.
There is some question of whether the proxy-arp server should also be the router for the machines it is proxy-arping for. The problem is that the router will wind up with two arp table entries for the experimental machines, the proxy arp entry which it reads from the table and the real entry which it learns of in response to arp requests on the experimental subnet. Further, if care is not taken, the router may also proxy arp onto the experimental subnet.
If you want the router to be the proxy-arp server you must have two entries in the arp.table file:
Since our proxy-arp server is not the router, we only need the "pub" entries. The following is a bit of the content of the file, /etc/arp.goldberg.table on sam:

    18.104.22.168 00:c0:4f:79:f4:1c pub
    22.214.171.124 00:c0:4f:79:f4:1c pub
    126.96.36.199 00:c0:4f:79:f4:1c pub
    188.8.131.52 00:c0:4f:79:f4:1c pub
    184.108.40.206 00:c0:4f:79:f4:1c pub
    220.127.116.11 00:c0:4f:79:f4:1c pub
    18.104.22.168 00:c0:4f:79:f4:1c pub
    22.214.171.124 00:c0:4f:79:f4:1c pub
    126.96.36.199 00:c0:4f:79:f4:1c pub
    188.8.131.52 00:c0:4f:79:f4:1c pub

If our FreeBSD proxy-arp server was also a router, we would be required to have "permanent" entries as shown below.

    184.108.40.206 8:0:5a:7f:41:b7 permanent
    220.127.116.11 10:0:5a:14:95:bb permanent
    18.104.22.168 10:0:5a:ba:f0:4f permanent

The first entry on each line is the IP address of a machine on the 135 subnet. The next entry is the hardware address that this machine will respond to ARP requests with. This is the hardware address of the router's ethernet card which is connected directly to the departmental ethernet. The pub parameter indicates that this is a proxy-arp entry, i.e. this machine should respond to ARP requests for the IP address with this hardware address. The lines without the pub keyword are not used for proxy arp, but their permanent keyword indicates they take precedence for local IP address to hardware address assignments (as packets are sent onto the 139A subnet).
This file is used to initialize the arp table at bootup via the following line in /etc/rc.local:

    # This proxy arps for the machines I have on the 139A subnet so that taz
    # can route their packets off of the department subnet.
    /usr/sbin/arp -f /etc/arp.table

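A wrong "pub" line makes the proxy-arp server answer for an address with the wrong hardware address, so it is worth checking the table before "arp -f" loads it at boot. The following is an added example, not part of the original document: the function name, the sample addresses and the choice to accept only the two keywords shown on this page (pub, permanent) with numeric IP addresses are assumptions.

```sh
# Added example. audit_arp_table FILE ROUTER_MAC checks a table meant for
# "arp -f" (one "IP MAC keyword" entry per line); returns 1 on any finding.
audit_arp_table() {
    awk -v want="$2" '
    # Normalise a MAC so 8:0:5a:7f:41:b7 and 08:00:5A:7F:41:B7 compare equal.
    function norm(mac,    p, n, i, out) {
        n = split(tolower(mac), p, ":")
        if (n != 6) return ""
        for (i = 1; i <= 6; i++) {
            if (p[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
            out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" p[i] : p[i])
        }
        return out
    }
    function valid_ip(ip,    o, n, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    BEGIN { want = norm(want) }
    /^[ \t]*(#|$)/ { next }    # the checker skips comments and blank lines
    {
        if (NF != 3)       { bad("expected: IP MAC keyword"); next }
        if (!valid_ip($1)) { bad("bad IP address " $1); next }
        mac = norm($2)
        if (mac == "")     { bad("bad hardware address " $2); next }
        if ($3 != "pub" && $3 != "permanent") { bad("unknown keyword " $3); next }
        # A published entry may only answer with the router interface MAC.
        if ($3 == "pub" && mac != want)
            bad("pub entry for " $1 " answers with " mac ", not the router")
        if (seen[$1 " " $3]++) bad("duplicate " $3 " entry for " $1)
    }
    END { exit (errors > 0) }
    ' "$1"
}
# Constructed sample: documentation-range IPs, not the addresses on this page.
sample_table() {
    cat <<'EOF'
192.0.2.10 00:c0:4f:79:f4:1c pub
192.0.2.11 0:c0:4f:79:f4:1c pub
192.0.2.12 00:c0:4f:79:f4:1d pub
192.0.2.10 00:c0:4f:79:f4:1c pub
192.0.2.300 00:c0:4f:79:f4:1c pub
EOF
}
sample_table | audit_arp_table - 00:c0:4f:79:f4:1c || echo "table needs fixing"
```

In /etc/rc.local the check can gate the load, so a table with findings is not installed: audit_arp_table /etc/arp.table ROUTER_MAC && /usr/sbin/arp -f /etc/arp.table, where ROUTER_MAC is the hardware address of the router's departmental interface.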
Tip: You can get the hardware address for a card one of several ways:
One important note on routing: we don't use any routing protocol (e.g. RIP, OSPF) in the department or in the DiRT lab. The route a packet takes within the department is based on the settings for "default router", static routes, and proxy-arps. Don't try to enable gated or routed on any of these machines unless you REALLY know that's what you want to do. You'll probably just corrupt your routing table and have to reboot the machine.
Our FreeBSD machines come ready to route packets between interfaces, or back out over the same interface if they receive a packet in error. All that you have to do is set up the interfaces with their netmasks, etc., specify a default router, and set the gateway variable to YES in /etc/rc.conf.
For example, topsecret is the router for the experimental network, so it has one interface (vx0) setup to be a normal connection to the department and the other interface (fxp0) setup as a connection to the experimental network. We have two other routers in the experimental network, daffy and elmer. Topsecret, daffy, and elmer all have interfaces on the 139 subnet, so they can communicate. Daffy routes for the 134 subnet, and topsecret134 is its default router. Elmer routes for the 138 subnet, and topsecret138 is its default router. The essential parts of topsecret's /etc/rc.conf are as follows:

    ### Basic network options: ###
    hostname="topsecret"
    network_interfaces="fxp0 vx0 lo0"   # List of network interfaces (lo0 is loopback).
    # fxp0 is connected to the 139 subnet
    ifconfig_fxp0="inet 22.214.171.124 netmask 255.255.255.0"
    # vx0 is connected to the department network
    ifconfig_vx0="inet 126.96.36.199 netmask 255.255.0.0"
    ...
    ### Network routing options: ###
    # Anything topsecret doesn't know what to do with should be sent to the campus router.
    defaultrouter="188.8.131.52"
    # If you want this host to be a gateway, set gateway_enable to YES
    gateway_enable="YES"                # Set to YES if this host will be a gateway.
    router_enable="NO"                  # Set to YES to enable a routing daemon.

along with these lines in /etc/rc.local:

    route add -net 184.108.40.206 220.127.116.11
    route add -net 18.104.22.168 22.214.171.124

With this setup and a proxy arp as above, all packets received for a 134 address are forwarded to daffy139, which forwards them to the 134 subnet (if there is an arp-table entry for it); all packets received for a 138 address are forwarded to elmer139; and everything else is forwarded back to the department router.