can an alias address be routed through? - BSD


  1. can an alias address be routed through?

    I have an OpenBSD 3.8 box with 2 interfaces acting as a router between
    two internal networks.

    Interface xl0 192.168.1.1 with a subnet mask of 255.255.0.0

    The other interface sis0 has an address of 192.169.1.254 with a subnet
    mask of 255.255.0.0

    It seems to be routing successfully between these two networks. Now
    one device on the 192.168 network is a legacy device and I cannot
    change its subnet mask - it is 192.168.222.1 and subnet 255.255.255.0

    I thought I would just add an alias to xl0 of 192.168.222.254 with
    subnet of 255.255.255.0 and hey presto from the gateway BSD console I
    can ping everything. BUT from the 192.169 network it still doesn't
    respond to ping. If I add a route

    route add 192.168.222.1 192.168.222.254

    I cannot ping 192.168.222.1 from the BSD box console anymore and it
    still doesn't route from the other network.

    My question: Can BSD route to an alias address on an interface or
    not? My next effort will be to add another network card with a
    primary address of 192.168.222.254


  2. Re: can an alias address be routed through?

    Szaba wrote:
    > I have an OpenBSD 3.8 box with 2 interfaces acting as a router between

                        ^^^

    Don't do that. Upgrade, 3.8 has known vulnerabilities. And 4.2 is much
    nicer. And upgrading is not too hard if you don't wait two years.

    > two internal networks.
    >
    > Interface xl0 192.168.1.1 with a subnet mask of 255.255.0.0
    >
    > The other interface sis0 has an address of 192.169.1.254 with a subnet

                                                 ^^^^^^^

    Don't do that, it's allocated.

    > mask of 255.255.0.0
    >
    > It seems to be routing successfully between these two networks. Now
    > one device on the 192.168 network is a legacy device and I cannot
    > change its subnet mask - it is 192.168.222.1 and subnet 255.255.255.0
    >
    > I thought I would just add an alias to xl0 of 192.168.222.254 with
    > subnet of 255.255.255.0 and hey presto from the gateway BSD console I
    > can ping everything. BUT from the 192.169 network it still doesn't
    > respond to ping. If I add a route
    >
    > route add 192.168.222.1 192.168.222.254
    >
    > I cannot ping 192.168.222.1 from the BSD box console anymore and it
    > still doesn't route from the other network.
    >
    > My question: Can BSD route to an alias address on an interface or
    > not?


    That really isn't relevant.

    Having a completely wrong netmask will affect some things, like
    broadcasts, but should not cause simple unicast TCP or UDP or ICMP over
    IP to break. In other words, no matter what your netmask, your gateway
    should be able to ping the device, and the device should be able to
    respond.

    What is more, if you don't play around with aliases, traffic from the
    other side of the gateway to the device most likely works, too.

    However, traffic from the same side of the gateway probably breaks,
    because the routing table on this legacy device sends replies to the
    gateway, instead of the sending host.

    If all of the above is correct, is a proper statement of what you
    consider the problem, and applies to your situation, there are two
    simple solutions:

    1. Add another interface for 192.168.222.0/24 to your gateway (an alias
    might or might not work - I don't know).
    Update *all* hosts in 192.168.0.0/24 to reflect this setup (route add
    192.168.222.0/24 192.168.1.1 if the device is not in 192.168.222.0/24;
    change netmask otherwise), except the legacy device which happens to be
    configured correctly.
    2. Set up a sane structure for 192.168.0.0/16; subdividing into /24
    networks probably makes sense anyway, leaves you with plenty of address
    space (so no need to use 192.169.0.0/24 - if you *really* need more
    addresses, use a subnet of either 10.0.0.0/8 or 172.16.0.0/12), and
    solves this issue as a side-effect.

    The complicated solution involves catching the responses from your
    legacy device on the gateway, and rewriting and resending them to make
    it look like the device replied immediately to the sender. This is
    complex, error-prone, and completely wrong.

    Joachim
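
The netmask mismatch discussed in the reply above can be modelled in a few lines. This is an added example, not part of the thread: the hosts "pc" and "remote" and the legacy device's default gateway (taken here to be the 192.168.222.254 alias) are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's network. "pc" and "remote" are
# hypothetical hosts, and the legacy device's default gateway is assumed
# to be the 192.168.222.254 alias; none of these are stated in the thread.
HOSTS = {
    "pc":     ("192.168.5.10/16",  "192.168.1.1"),
    "legacy": ("192.168.222.1/24", "192.168.222.254"),
    "remote": ("192.169.5.10/16",  "192.169.1.254"),
}

def first_hop(src, dst):
    """Return 'direct' if src considers dst on-link, else src's gateway."""
    iface = ipaddress.ip_interface(HOSTS[src][0])
    dst_ip = ipaddress.ip_interface(HOSTS[dst][0]).ip
    return "direct" if dst_ip in iface.network else HOSTS[src][1]

def path_report(a, b):
    """Compare the forward and return first hops between two hosts."""
    fwd, rev = first_hop(a, b), first_hop(b, a)
    # A path is symmetric when both ends agree on whether the peer is on-link.
    symmetric = (fwd == "direct") == (rev == "direct")
    return {"forward": fwd, "return": rev, "symmetric": symmetric}

def non_private(hosts=HOSTS):
    """List modelled hosts whose address is outside private address space."""
    return sorted(
        name for name, (cidr, _) in hosts.items()
        if not ipaddress.ip_interface(cidr).ip.is_private
    )

if __name__ == "__main__":
    for a, b in (("pc", "legacy"), ("remote", "legacy")):
        print(a, "<->", b, path_report(a, b))
    print("not private:", non_private())
```

The same-side pair (pc and legacy) comes out asymmetric, while the pair on opposite sides of the gateway goes through the gateway in both directions.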

  3. Re: can an alias address be routed through?

    Joachim Schipper wrote:
    > Szaba wrote:
    >> I have an OpenBSD 3.8 box with 2 interfaces acting as a router between

    >                    ^^^
    >
    > Don't do that. Upgrade, 3.8 has known vulnerabilities. And 4.2 is much
    > nicer. And upgrading is not too hard if you don't wait two years.
    >

    Hey! I resemble that comment! I've been tracking release every 6
    months for a /whole/ year now!
