Re: IP aliasing

[DAve <dave.list%pixelhammer.com@localhost>]

Jasper Wallace wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 18 Jun 2008, DAve wrote:
>
> > Good morning,
> >
> > I have been told by my Network Administrator that we will be changing IP
> > blocks for several key services very soon. I have three new DNS servers
> > running NetBSD on the new IP block already. I also have two legacy DNS servers
> > (also on NetBSD) that I need to drag along behind me for a few more months.
> >
> > My new IP block is 65.124.104.X and my old IP block is 65.196.224.X. Is it
> > possible to have a single machine answer for both IPs on a single interface?
> > The network Gods claim they can route the traffic to me no problem, but I am
> > unsure how to configure the alias for the interface.
> >
> > Old address: 65.196.224.2
> > Netmask: 255.255.255.0
> > Gateway: 65.196.224.1
> >
> > New address: 65.124.104.25
> > Netmask: 255.255.255.224
> > Gateway: 65.124.104.1
> >
> > Is it even possible to alias the old address with the new gateway?
>
> you can have both ip's on the same interface with:
>
> ifconfig intX inet 65.124.104.25/27
> ifconfig intX inet 65.196.224.2/24 alias
>
> As for the default routes:
>
> Depends on what your trying to do - i think you're going to have to talk 
> to your local network guys - if the machines that are trying to reach the 
> old ip's are reachable via the new gateway (and the new gateway won't be 
> confused by packets coming from old ip's coming in on it's new ip 
> interface[1]). Then just set the default route to the new gatway and be 
> done with it.


And this worked fine, I used the new default IP and the networks folks 
took care of routing the old IP properly. No issues. Thanks everyone.


DAve

> There is no straight forward way on NetBSD to have two default routes, but 
> if the set of machines that want to talk to the old ip's is known then you 
> can add routes to just them via the old gateway with:
>
> route add -net oldmachinesnetblock/mask 65.196.224.1
>
> The other way is to use ipf 'fastroute' rule to shift the packets around 
> manually, something like:
>
> pass out on intX fastroute intX : 65.196.224.1 from 65.196.224.2/24 to any
>
> (You'll need to test that carefully, i may have the syntax wrong. Tcpdump 
> is your friend, run it from a machine other than the server your testing,
> so you can see what going on on the wire, oh, and consider pf as well, 
> (look for the 'route-to' option)).
>
> [1] I am making assumptions about your network setup here, they may be 
> wrong.


--
Don't tell me I'm driving the cart!