From: Joseph Watson
Date: Sat, 03 May 2003 15:27:21 +0000
Subject: Re: [LARTC] Proxy Arp question
To: lartc@vger.kernel.org

On Saturday May 3 2003 03:33 am, you wrote:
> Hi Joseph,
>
> I took a look more closely at your schema ...
> ...snip...
>
> I'm having a bit of trouble understanding exactly what you're trying to
> achieve here.

Well let me try to explain a different way. Let's say I have a working
network with servers providing web pages, dns, mail, etc.... Now I want to
put all the servers behind a firewall and not have to change my network
around by subnetting or masquerading. So proxy_arp fits the picture well, all
I may have to do is flush arp cache or wait for a timeout. I did this using
shorewall, and it is working great.

Now my question: In my current setup, my firewall has an address on my public
network (the same network as my servers). Is it possible to set up proxy_arp
so that the proxy_arp-firewall does not have an identity on the public
network? This would make it transparent and a little more secure because
there would be no possible way for someone to try to access the firewall
directly??

..snip...
>
> 192.168.1.0/24 dev eth0 scope link
> 192.168.3.0/24 dev eth1 scope link
> 127.0.0.0/8 dev lo scope link
>
> your routing table is missing localhost, or did you it? check.
>

I did snip out all but the routes that pertained to proxy_arp setup :)

--
Regards
Joseph Watson