Netgate Discussion Forum

[Solved] More than one private ip subnet on LAN interface?

  • J
    johnpoz LAYER 8 Global Moderator @JKnott
    last edited by johnpoz Dec 24, 2019, 6:08 PM Dec 24, 2019, 6:05 PM

    @JKnott said in More than one private ip subnet on LAN interface?:

    There's nothing to stop someone from having both a public and RFC 1918 address on an interface, for example.

    Other than just plain common sense... There would be ZERO freaking reason to do such a thing... It's not actually isolating anything and no point to it..

    You can put as many IPs as you want on the same L2 - doesn't mean it makes any sense, or you should do it, etc.

    The reason for the link-local on IPv6 is to get information on its neighbors, it sends the RS from its link-local address, etc. etc.. There are all kinds of things that happen with the link-local in IPv6 that don't really need to get into here, and you if anyone should know anyway.

    This is in no way the same as putting a public IPv4 and a rfc1918 IPv4 address on an interface - what does that accomplish other than complications and nonsense? If a device needs to have a rfc1918 and a public IPv4 then they should be on different L2s

    Let's not mix in how things are done with IPv6 with the IPv4 we're talking about here.. Derelict has given the correct solution to the OP question, which is vlans!

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 24.11 | Lab VMs 2.8, 24.11

    • L
      lifeboy @lifeboy
      last edited by Dec 26, 2019, 12:38 PM

      The use of VLANs is the better way to achieve this (as answered by @Derelict), but I wanted to add this to my own question as far as it pertains to creating virtual bridges:

      It seems that one cannot add a virtual device to a NIC that is already part of a bridge.

      :~# ip link add link ens7f0 virt1 address 00:11:22:33:44:55 type macvlan
      RTNETLINK answers: Device or resource busy

      However, if I create the Virtual NIC and then add it to a bridge, it works.

      :~# ip link add link ens7f1 virt1 address 00:11:22:33:44:55 type macvlan
      :~# brctl addbr virtb1
      :~# brctl addif virtb1 virt1
      :~# brctl show
      bridge name   bridge id             STP enabled        interfaces
      virtb1        8000.001122334455        no              virt1
      vmbr0         8000.ac1f6bcae3e2        no              ens7f0
                                                             tap101i0
      vmbr1         8000.ac1f6bc59544        no              ens6f0
                                                             tap101i1
      

      Although Proxmox's GUI doesn't "see" the new bridge, if I edit the qemu conf file for the VM, the port is added and the VM starts.

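A preflight check for the behaviour reported in the post above, as an added example that is not part of the original thread: a NIC that is already a bridge port exposes a `brport` directory and a `master` link under `/sys/class/net/<dev>/`, so a script can detect that state before attempting `ip link add ... type macvlan`. The function names and the `SYSFS_NET` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a parent NIC is already
# enslaved to a bridge before stacking a macvlan on it.
# Usage: . ./macvlan_preflight.sh; macvlan_preflight ens7f0

# Overridable so the logic can be exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the name of the bridge a device belongs to.
# Returns 1 (and prints nothing) if the device is not a bridge port.
bridge_of() {
    dev="$1"
    # The kernel creates <dev>/brport only while <dev> is a bridge port;
    # <dev>/master is a symlink to the bridge device it is enslaved to.
    [ -d "$SYSFS_NET/$dev/brport" ] || return 1
    basename "$(readlink "$SYSFS_NET/$dev/master")"
}

# Report whether a macvlan can be created on the given parent device.
# Prints "missing", "busy:<bridge>" or "ok"; exit status is 2, 1 or 0.
macvlan_preflight() {
    parent="$1"
    if [ ! -e "$SYSFS_NET/$parent" ]; then
        echo "missing"
        return 2
    fi
    if br="$(bridge_of "$parent")"; then
        # Same situation as the "Device or resource busy" case in the post.
        echo "busy:$br"
        return 1
    fi
    echo "ok"
}
```

On the host from the post, this would report `busy:vmbr0` for `ens7f0`, the interface on which the first `ip link add` failed.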
      • D
        Derelict LAYER 8 Netgate
        last edited by Dec 26, 2019, 4:00 PM

        Sounds like you should probably move to a proxmox forum.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.