Re: Setup of Internal Network with Many Real IPs

To: debian-firewall@lists.debian.org
Subject: Re: Setup of Internal Network with Many Real IPs
From: "Pulu 'Anau" <pulu@afe.to>
Date: Thu, 22 May 2003 09:18:31 +1300
Message-id: <[🔎] 1053548311.3ecbdf17ba651@cafe.afe.to>

Hi Blars,

I read your excellent article, and a similar one at 
http://www.sjdjweis.com/linux/proxyarp/ which really gave me some food for 
thought.  I'm attempting to do a similar thing (see my previous post) and one 
of the things I'm wondering about with this proxy arp solution is if the router 
even needs to have a "real" ip address if the gateway is set to the upstream?  
If I understand the theory of the whole thing, I can give the router an ip (on 
both interfaces) that would technically never be used, so doesn't have to be a 
valid address?

Also, with this proxy arp solution, it seems certain that everything traverses 
netfilter (even if you use the upstream gateway).  Do you know if it will also 
go through the traffic control system?

Just curious because allocation of extra public IPs from our ISP is very 
expensive.

Thanks for your HOWTO.

Pulu

----
Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu

Quoting Blars Blarson <blarson@blars.org>:

> In article <[🔎] 20030521043926.GA22153@qk.com.au> lucas@stabat.com writes:
> >If I'm not mistaken, eth1 doesn't need an IP address.  My only concern
> >now is, how will 235 and 236 be able to find 237 and vice-versa?  That
> >will require more Iptables rules to route that traffic, correct?
> 
> eth1 does require an IP, but can use the same one as eth0.  Proxy arp
> can make the routing transparent to the hosts beond eth1.  This is
> exactly the situation described in my article.
> -- 
> Blars Blarson			blarson@blars.org
> 				http://www.blars.org/blars.html
> "Text is a way we cheat time." -- Patrick Nielsen Hayden
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 

-------------------------------------------------
This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to

Reply to:

Prev by Date: Re: Setup of Internal Network with Many Real IPs
Next by Date: Network Trouble
Previous by thread: Re: Setup of Internal Network with Many Real IPs
Next by thread: researching ipchains. General questions: differences between ipchains and iptables: syntactically different?
Index(es):
- Date
- Thread