Re: Firewall Public IP's?

To: debian-firewall@lists.debian.org
Subject: Re: Firewall Public IP's?
From: Bulent Murtezaoglu <bm@acm.org>
Date: Thu, 11 Apr 2002 21:36:16 -0400 (EDT)
Message-id: <[🔎] 15542.14864.29236.970540@nkapi.internal>
In-reply-to: <[🔎] 87wuvdu2s7.fsf@inanna.rimspace.net>
References: <[🔎] 1018539247.3cb5acef8ec6d@heritage.sd57.bc.ca> <[🔎] 87k7rdvlb2.fsf@inanna.rimspace.net> <[🔎] 15542.9752.316092.550117@nkapi.internal> <[🔎] 87wuvdu2s7.fsf@inanna.rimspace.net>

>>>>> "DP" == Daniel Pittman <daniel@rimspace.net> writes:
[on proxy arp]
    DP> This is so that the client machines can still see the Cisco
    DP> box, which is presumably their default gateway, right?

I was thinking that the Cisco would be expecting to see a class C on
the internal ethernet and would just put things on the wire (after arp).  
Since they cannot touch the Cisco, the next best thing is to fake it
with proxy-arp!

    DP> I forgot to mention the easiest way to deal with that; setting
    DP> the firewall machine as the default gateway for the clients
    DP> also works.

Yup, that would take care of the internal side.  Though proxy-arp
probably would make things work OK with just the host route to the 
Cisco on the debian box.

cheers.

BM


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Firewall Public IP's?
  - From: Mike Egglestone <megglestone@heritage.sd57.bc.ca>
- Re: Firewall Public IP's?
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Firewall Public IP's?
  - From: Bulent Murtezaoglu <bm@acm.org>
- Re: Firewall Public IP's?
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: Firewall Public IP's?
Next by Date: Re: Firewall Public IP's?
Previous by thread: Re: Firewall Public IP's?
Next by thread: Re: Firewall Public IP's?
Index(es):
- Date
- Thread