Subject: Stumped on aliases
To: None <>
From: David A. Gatwood <>
List: port-mac68k
Date: 11/05/2000 14:04:07
So back to the routing dilemma.  I decided to just take my changes and run
two networks over the same ether.  Now I'm getting real problems.  I have:

sn0: dynamically configured (dhclient)
ae0: defective NIC (times out when sending data, throughput really slow)
ae1: dynamically configured (dhclient)
ae2: inet netmask
ae2: alias netmask

where sn0 is the interface for traffic to/from my firewall machine itself
and to the 10 network behind it, while ae1 is a different number for
everything coming from the airport network (192.168.0.x)

map sn0 -> 0/32 portmap tcp/udp 40000:60000
map sn0 -> 0/32
map ae1 -> 0/32 portmap tcp/udp 20000:40000
map ae1 -> 0/32

And I've tried substituting the dynamically assigned addresses for the
appropriate interfaces instead of the 0, but it makes no difference.  In
either case, ONE of the two networks works (random whether it's the
192 network or the 10 network) and the other doesn't.  I really don't want
the traffic from the airport (which might eventually be used by other
people) to look like it's coming from my main machine address, and I
really don't want those two networks to be able to see each other in any
way.  I've even tried making both of the two nets masquerade to the same
outside address.  Still no go.  It looks like the NAT just will not work
at all with aliases on different networks, but the same interface.

I've confirmed that both outgoing interfaces work correctly using
traceroutes out the appropriate interface.  I've confirmed that all
machines involved can connect to the firewall itself (which wasn't the
case using the defective NIC... :-).  It's only the NAT that is
