On Sun, 27 Oct 2002, Andrei D. Caraman wrote: > On Sun, Oct 27, 2002 at 08:31:53PM +0100, Peter Palfrader wrote: > > On Sun, 27 Oct 2002, Blars Blarson wrote: > > > > > weasel@debian.org writes: > > > > > > >I've the following setup: > > > > > > > > 10.200.118.0/24 (internal) > > > > | > > > > | > > > > | eth0:10.200.118.1 > > > > +--------+ > > > > | marvin | > > > > +--------+ > > > > | eth1: 10.2.2.20 > > > > | > > > > | > > > > 10.0.0.0/8 (external) > > > > > > > >Now if a host on the external network sends an 'arp who-has > > > >10.200.118.1' request marvin answers on eth1. > > > >Is there any way to _stop_ that behaviour? > > Maybe I'm blind, and then I appologize for increasing the noise > level on this list, but why would you want to stop that behaviour? > > How will the external hosts be able to reach internal ones? For > example, how does 10.3.3.3/8 find it's way to 10.200.118.1? Not at all. No host on the external network should even notice there is another network behind marvin. Unfortunatly marvin does answer arp requests for its address on the internal network and so leaks that information (it would do the same if the internal network was something not in 10/8). yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/
Attachment:
pgpOGUEFjbLoy.pgp
Description: PGP signature