From: Joseph Watson <jtwatson@datakota.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Proxy Arp question
Date: Sat, 03 May 2003 15:27:21 +0000 [thread overview]
Message-ID: <marc-lartc-105197572530859@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105184920302860@msgid-missing>
On Saturday May 3 2003 03:33 am, you wrote:
> Hi Joseph,
>
> I took a look more closely at your schema ...
>
...snip...
>
> i'm having a bit of trouble understanding exactly what you're trying to
> achieve here.
Well let me try to explain a different way. Lets say I have a working network
with servers providing web pages, dns, mail, etc.... Now I want to put all
the servers behind a firewall and not have to change my network around by
subneting or masqerating. So proxy_arp fits the picture well, all I may have
to do is flush arp cache or wait for a timeout. I did this using shorewall,
and it is working great. Now my question:
In my current setup, my firewall has a address on my public network (the same
network as my servers). Is it possable to set up proxy_arp so that the
proxy_arp-firewall does not have a identity on the public network? This
would make it transparent and a little more secure because there would be no
possible way for someone to try to access the firewall directly??
..snip...
>
> 192.168.1.0/24 dev eth0 scope link
> 192.168.3.0/24 dev eth1 scope link
> 127.0.0.0/8 dev lo scope link
>
> your routing table is missing localhost, or did you <snip> it? check.
>
I did snip out all but the routes that pertained to proxy_arp setup :)
--
Regards
Joseph Watson
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-05-03 15:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-02 4:18 [LARTC] Proxy Arp question Joseph Watson
2003-05-02 7:31 ` christopher cuse
2003-05-03 5:02 ` Joseph Watson
2003-05-03 7:35 ` christopher cuse
2003-05-03 15:27 ` Joseph Watson [this message]
2003-05-04 18:53 ` Don Cohen
2003-05-04 19:41 ` christopher cuse
2003-05-04 20:56 ` Martin A. Brown
2003-05-04 22:53 ` Joseph Watson
2003-05-04 23:15 ` Martin A. Brown
2003-05-06 0:15 ` Joseph Watson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-105197572530859@msgid-missing \
--to=jtwatson@datakota.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.