Re: arpwatch and arp packets ...urgent
Hello,
>> > Why proxy_arp?
>>
>> because SNAT DNAT not work properly with - for example H.323 (even if
>> module for this is in kernel) and others...
>>
>> is any other secure method ?
> I am not really sure what you want to do exactly. Maybe draw a little
> ascii-art with IP-addresses and everything to show what you want.
> IMHO proxy ARP is ugly. Maybe you can bridge instead?
example the simplest topology:
comp comp comp computers in LAN....
publicIP | | | |
=========== server ---+----+----+----+----...
SNAT 192.168.x.x
proxy_arp
some of comp has private addresses 192.168.... and some of them have
to had public IP addreses.
1. solution
SNAT+DNAT on server - but some protocols are not well supported [ex.
H.323]
IP of comp's are set to 192.168.... but on DNAT is translated to IP public.
2. solution - this one of witch we discussing...
IP of comp's are normal public IP, on serwer is routing to this hosts,
proxy_arp is enabled, FORWARD for this comp's are not blocked
(etc..etc...)
I want to be able to set public IP's for computers in LAN. Is any
other solution ? I dont know about it - if you so - please let me know
:)
I am the ISP network administrator.
Thanks a lot.
--
Regards,
Marcin.
Reply to: