FreeBSD - create subinterface with IP on different subnet

Hello,

I'm trying to figure out whether/how it may be possible on FreeBSD to create a network subinterface with a different network subnet IP. I do not want to use the concept of "alias" (multiple IPs on single interface). I would like to use a subinterface of a parent.

On Linux I can do this as follows:

ifconfig eth0:1 10.10.10.1 netmask 255.255.255.0 up

This would make eth0:1 a subinterface of eth0 and show up with ifconfig -a as a separate interface (same MAC as eth0), with a different IP/mask.

On FreeBSD I have tried the following:
Code:
ifconfig vtnet0:1 create (gives SIOCIFCREATE2: Invalid argument)
ifconfig vtnet0.1 create (works, but this is for VLAN vs. subinterface)
ifconfig vtnet0.1 inet 192.168.181.223/17 (works, but IP is not able to ping anything outside on 192.168.x.x network)
My guess is I may be on the right track, and would appreciate some guidance.
 
The only difference is that you can't tell the "main address" on the FreeBSD interfaces if you have an alias or multiple aliases. All the addresses assigned to an interface in FreeBSD are 100% equal to each other, no address is preferred over the other.

To illustrate, which one of these is the main address based on just ifconfig(8) output?

Code:
% ifconfig em1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:1b:21:14:ca:5e
        inet6 fe80::21b:21ff:fe14:ca5e%em1 prefixlen 64 scopeid 0x3
        inet 88.195.xxx.yyy netmask 0xffffe000 broadcast 88.195.aaa.bbb
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Naturally it's the public IP address but you don't know that until you look at the routing table.
 
The reason I was trying to create a subinterface is that Linode (VPS provider) only gives out a public and a private IP using a single interface for both. Since Linode now uses KVM, FreeBSD can be installed. Once FreeBSD is installed it only sees a single network interface, which normally would be fine as the public/private IPs can be assigned to the single network interface.

In my case I wanted to install pfSense/OpnSense to work on firewalling (non-prod) and they both need WAN/LAN interfaces to work (parent and subinterface - alias will not work in this case).

So my question is there no way to configure a subinterface in FreeBSD?
 
One interface firewalling on a single broadcast domain (the logical ethernet segment, physical or virtual) is never going to work as you expect it to work, aliases or subinterfaces or not. You should look into VLANs instead for having separate networks on WAN and LAN side.
 
Since I was doing this to simply get the firewall up and running (mostly a playground thing), I was thinking of using it as essentially a firewall on a stick (router on a stick). There should be no issue with this as it is simply for test purposes and a tool to do some FreeBSD learning.

I'm stuck at the following:

- My main interface is vtnet0 (has public IP)

ifconfig vtnet0.1 create inet 192.168.180.223/17 (works)

Try to ping a device on the same network ping 192.168.180.1 (no response)

if I then:

ifconfig vtnet0.1 destroy
ifconfig vtnet0 inet 192.168.180.223/17
ping 192.168.180.1 (works)

Why does the ifconfig vtnet0.1 create inet 192.168.180.223/17 not allow the ICMP to reach the 192.168.180.1?
 
Last edited by a moderator:
"vtnet0.1" configures the vtnet0 devices as part of a tagged vlan 1. Meaning, it sends Ethernet frames that include a vlan tag with a value of 1. If the switch isn't configured to handled tagged vlans, then the Ethernet frames are dropped by the switch. Meaning, no communication with anything.
 
Appreciate all of the responses.

Is there any way to configure an untagged vlan or achieve creating a subinterface with a different IP address using the single network interface exposed by the VPS provider running FreeBSD?
 
"vtnet0.1" configures the vtnet0 devices as part of a tagged vlan 1. Meaning, it sends Ethernet frames that include a vlan tag with a value of 1. If the switch isn't configured to handled tagged vlans, then the Ethernet frames are dropped by the switch. Meaning, no communication with anything.
What are you implying is the switch? I though the host in this situation is the switch so how can it NOT handle the tagged vlan names?
The words "vlan" and "subinterfaces " mean the same thing here. vtam0.1
 
Back
Top