port-i386: Re: Two Network Cards/ipf

Subject: Re: Two Network Cards/ipf
To: None <port-i386@netbsd.org>
From: Ray Phillips <r.phillips@jkmrc.uq.edu.au>
List: port-i386
Date: 09/05/2002 15:31:05
Thanks for your replies Manuel and Jaromir.

OK, I left ne2 as it was and set ne3 to a number in 130.102.20.0/24:

# ifconfig ne2
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         media: Ethernet autoselect (10baseT)
         inet 130.102.18.111 netmask 0xffffffc0 broadcast 130.102.18.127
         inet6 fe80::240:5ff:fe6b:f9f3%ne2 prefixlen 64 scopeid 0x1
# ifconfig ne3
ne3: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         media: Ethernet autoselect (10baseT)
         inet 130.102.20.121 netmask 0xffffff00 broadcast 130.102.20.255
         inet6 fe80::240:5ff:fee1:f6fa%ne3 prefixlen 64 scopeid 0x2

I thought that would make it possible to access my LAN from the PC 
when either ne2 or ne3 (or both) were connected to the LAN, but I 
found that was only possible when ne3 was plugged in.  I tried 
pinging the IP numbers for ne2 and ne3 from the LAN: they could only 
be reached when ne3 was plugged in--even if ne2 wasn't connected to 
the LAN.  So, no packets are travelling into or out of ne2 from the 
LAN.  Is that to be expected?

Next I re-enabled ipf and connected both cards to the LAN.  I could 
only ping machines on the LAN from the PC when ne3 was plugged in, 
not when only ne2 was connected.  When pinging from the LAN I could 
reach ne2 only when both ne2 and ne3 were plugged in.  ne3 could be 
pinged from the LAN when only it was connected.

When I connected another PC to ne2 or ne3 with a transposed cable 
(the other card being plugged into the LAN) I wasn't able to ping it 
from the LAN or from the PC with two NICs.

I'm finding this rather confusing; guess I'm still missing something.

Is it true that with this ipf.conf:

# cat /etc/ipf.conf
pass in from any to any
pass out from any to any

any packet received by either network card should be transmitted by the other?

By the way, if a PC has, say, three network cards and you only want 
two to be configured at startup, I assume that would be done with 
/etc/rc.conf's net_interfaces setting?  What's the syntax for that, 
maybe this?

net_interfaces="ne2,ne3"

This message appears during startup:

IP Filter: v3.4.9 initialized.  Default = pass all, Logging = enabled

where would the log file be?


Ray