Re: routing: subnet behind gateway in that subnet
Stefan Radomski wrote:
> Hi there,
Hello,
>
> I am not sure wether this is the right ml to ask, as it is a generic
> routing issue and not directly related to debian (our router runs woody
> if that counts) if anyone flames me away as offtopic, please supply me
> with a more apt ml :)
It seems that -firewall welcomes general networking questions, so ask
away ;)
> We were given a subnet with a 255.255.255.224 subnet mask, thus 5Byte
> for the hostmask. In the prior setup all the hosts in that subnet were
> behind a switch, so the gateway at the "computer center" (the place
> where all the networking is done) would send all packets for that subnet
> down the line.
>
> We liked the idea to have a router/firewall at our end of the cable too,
> to further seperate the network to fit our needs and enforce security
> policies. At first only the router was reachable from the internet,
> because the gateway at the computer center expected all these computers
> at the same line, but only the router would respond.
I don't have any experience with this sort of situation, but I think
what you want is proxy arp on your firewall. This causes the firewall to
answer arp requests from the solaris box with its own MAC address, and
then forward the packets it receives to the correct box. Should be
transparent to the solaris box, and to your subnet it will just be a
normal gateway.
On first look, there seems to be a usable HOWTO at
http://www.sjdjweis.com/linux/proxyarp/, and probably at LinuxDoc as
well.
HTH,
Jason
Reply to: