DiRT Network Configuration

This document describes how to configure machines to be production workstations, experimental workstations, routers, and proxy-arp servers for FreeBSD, Windows (3.11), and AIX. There is a section on each machine class with subsections for the various operating systems.

Configuring Production machines

Recall that production machines are on the 137A network, and have one of two configurations:

netmask 0xffff0000 


netmask 0xfffff000 
route add default interface 

How to configure an end-station under FreeBSD:

Specifying the link as the default route

In FreeBSD you need to edit /etc/sysconfig and change the following parameters:

# Since we're on the 137 net we can use the short name, taz

# This stuff gets set up at configuration time, just note that lo0 is
# the loop back device, and vx0 is the real ethernet card (lots of our
# freeBSD machines have ed0 as their ethernet device.  See
# /usr/src/sys/i386/conf/LINT or the handbook for more information.
# network_interfaces="vx0 lo0"

# There are ifconfig lines for every network_interface, in this case vx0.
# The inet keyword specifies the next argument is the ip address
# Similiarly for netmask.
ifconfig_vx0="inet  netmask 0xfffff000" 

# You can only specify an address for the default router here. Since
# we want to specify an interface we have to do it in /etc/rc.local

In /etc/rc.local:

# This uses the route command at boot time to make the link associated
# with /dev/vx0 the default router.
route add default -interface vx0
Specifying a default router

If you want to set up the machine to use a real router instead of an interface as the default route, This is what you do. /etc/sysconfig is largely the same as above except for the netmask and the specification of a default router instead of none.


ifconfig_vx0=inet  netmask 0xffff0000 

In /etc/rc.local you do NOT want to specify a route add line.

How to configure a production workstation under Windows 3.11

How to configure a production workstation under AIX

Configuring an experimental end-station

Our experimental workstations are connected to one of our hubs or switches, which a router is also connected to. The end-station must specify the default router and the netmask for its network. In addition to the local configuration on each machine, the appropriate proxy arp entry must be made as well. See the proxy arp section below.

How to configure an experimental workstation under FreeBSD.

Consider the example of goober139, a FreeBSD machine on the 139A subnet, with taz as its router. It's /etc/sysconfig should have the following lines:

# Use the 139 name to match the 139A subnet address.

# The ethernet device is ed0, goober's ip address is and 
# we are using a 25 bit netmask.
ifconfig_ed0=inet netmask 0xffffff80 

# Taz has at least two interfaces, non 139A packets get routed to its 
# 139 address. 

How to configure an experimental workstation under Windows 3.11

How to configure an experimental workstation under AIX

How to configure proxy-arp.

We have used AIX machines as proxy-arp servers in the past. We currently use a FreeBSD machine (taz) to proxy arp for our 139{A,B} subnets and a Solaris machine (topsecret) to proxy arp for our other subnets. The procedure is largely the same for all three: create a file that associates ip addresses with the hardware address of the appropriate router's interface to the department and use "arp -f" to read the file in at system startup.

There is some question of whether the proxy-arp server should also be the router for the machines it is proxy-arping for. The problem is that the router will wind up with two arp table entries for the experimental machines, the proxy arp entry which it reads from the table and the real entry which it learns of in response to arp requests on the experimental subnet. Further, if care is not taken, the router may also proxy arp onto the experimental subnet. If you want the router to be the proxy-arp server you must have two entries in the arp.table file, "public" ones which those used to proxy-arp on the departmental network, and "private" ones which match ip addresses to the real hardware addresses of the machine. It is probably better to have simply have the proxy-arp machine be one that is not connected to the experimental networks.

Note that the decision of which machine to use as a proxy arp server has no relation to the type of machine being proxy-arp'd for. We could have our solaris, FreeBSD, or AIX machine proxy arp for any or all of our experimental machines. We have separated this service purely for ease of administration.

How to configure proxy arp under FreeBSD.

As noted above, our current FreeBSD proxy-arp server is also a router. This requires us to have the "permanent" entries shown below. If the proxy-arp server were not the router, we would only need the pub entries. The following is the content of the file, /etc/arp.table on taz: 0:a0:24:6b:6c:ce pub 0:a0:24:6b:6c:ce pub 0:a0:24:6b:6c:ce pub 0:a0:24:6b:6c:ce pub 0:a0:24:6b:6c:ce pub 8:0:5a:7f:41:b7 permanent 10:0:5a:14:95:bb permanent 10:0:5a:ba:f0:4f permanent

The first entry on each line is the ip address of a machine on the 139A subnet. The next entry is the hardware address that this machine will respond to ARP requests with. This is the hardware address of the router's ethernet card which is connected directly to the departmental ethernet. The pub parameter this is a proxy-arp entry, i.e. this machine should respond to ARP requests for the ip address with this hardware address. The lines with out the pub keyword are not used for proxy arp, but their permanent keyword indicates they take precedence for local ip address to hardware address assignments (as packets are sent onto the 139A subnet).

This file is used to initialize the arp table at bootup via the following line in /etc/rc.local:

# This proxy arps for the machines I have on the 139A subnet so that taz
# can route their packets off of the department subnet.
/usr/sbin/arp -f /etc/arp.table

Tip:You can get the hardware address for a card one of several ways:

  1. FreeBSD machines display the hardware addresses of interfaces as they intialize them at bootup.
  2. arp -a shows hardware addresses (including the hardware addresses of the local interfaces). Watch out for proxy arp entries though!
  3. Use the configuration diskette for the card and look at it.
  4. Use a packet trace program (tcpdump -e) to look at the ethernet frame of a packet from the machine in question.

How to configure proxy arp under Solaris

How to configure proxy arp under AIX.

How to configure routing

For the machines we use as routers, their configuration varies widely. The one thing that should be noted is that the 6611's are trouble, particularly because of the limitations on the number of static routes you can set up. Another important note: we don't use any routing protocol (e.g. RIP, OSPF) in the department or in the DiRT lab. The route a packet takes within the department is based on the settings for "default router", static routes, and proxy-arps. Don't try to enable gated or routed on any of these machines unless you REALLY know that's what you want to do. You'll probably just corrupt your routing table and have to reboot the machine.

How to configure routing under FreeBSD.

Our FreeBSD machines come ready to route packets between interfaces or back out over the same interface if it receives a packet in error. All that you have to do is set up the interfaces with their netmasks, etc., specify a default router, and set the gateway variable to YES in /etc/sysconfig.

For example, taz is the router for the 139A subnet so it has one interface (vx0) setup to be a normal connection to the department and the other interface (ep0) setup as a connection to an experimental network, as shown above. The essential parts of its /etc/sysconfig are as follows:

# If you want this host to be a gateway, set to YES.

network_interfaces="vx0 ep0 lo0"

#connected to the department (netmask) with a 137 address
ifconfig_vx0="inet  netmask"

#connected to the 139A subnet
ifconfig_ep0="inet  netmask"

#There is no default route. (using /etc/rc.local instead)
along with this line in /etc/rc.local:
/sbin/route add default -interface vx0
With this setup and a proxy arp as above, all packets received for a 139A address are forwarded onto the 139 subnet (if their is an arp-table entry for it) and everything else is forwarded out through the vx0 interface.

How to configure routing under AIX.

How to configure routing on a 6611.

This information is in a separate document: Configuring the 6611 Routers

Previous document Next document
Other DiRT documents
Author: Mark Parris
Last updated: June 18, 1997