
Re: arpwatch and arp packets ...urgent



Hello,

>> > Why proxy_arp?
>> 
>> because SNAT/DNAT do not work properly with - for example - H.323 (even if
>> the module for this is in the kernel) and others...
>> 
>> Is there any other secure method?

> I am not really sure what you want to do exactly. Maybe draw a little
> ascii-art with IP-addresses and everything to show what you want.
> IMHO proxy ARP is ugly. Maybe you can bridge instead?


For example, the simplest topology:

                     comp comp comp computers in LAN....
   publicIP           |    |    |    |
=========== server ---+----+----+----+----...
            SNAT          192.168.x.x
            proxy_arp

Some of the computers have private addresses 192.168.... and some of them have
to have public IP addresses.

1. solution
SNAT+DNAT on the server - but some protocols are not well supported [e.g.
H.323]
The IPs of the computers are set to 192.168.... but with DNAT they are translated to public IPs.

2. solution - the one which we are discussing...
The IPs of the computers are normal public IPs, on the server there is routing to these hosts,
proxy_arp is enabled, FORWARD for these computers is not blocked
(etc., etc.)


I want to be able to set public IPs for computers in the LAN. Is there any
other solution? I don't know of one - if you do, please let me know
:)
I am the ISP network administrator.

Thanks a lot.

-- 
Regards,
Marcin.




