Proxy arp or bridge ?

To: debian-security@lists.debian.org
Subject: Proxy arp or bridge ?
From: Daniel Faller <Daniel.Faller@physik.uni-freiburg.de>
Date: Mon, 2 Jul 2001 18:21:56 +0200
Message-id: <[🔎] 01070218215600.26386@mahler.physik.uni-freiburg.de>
Reply-to: Daniel.Faller@physik.uni-freiburg.de

Hi,

sorry if this is a little bit off topic:

I am supposed to set up a firewall for ~ 60 PC's belonging to a part of a 
subnet.

As far as I have understood there are (at least) 2 possibilities for such a 
setup.
- Use proxy arp, and set a route for every PC behind the firewall
- Configure the firewall as bridge

I would prefer the proxy arp solution, but this would imply to set up 60 
routes, if I am correct. Would this be a performance problem ?
The firewall will be a pentium 133, kernel 2.4.5, with 2Intel Ether Express 
cards.

So, my question:

- Any opinions about which would be the best (easy to setup and maintain) 
most secure or fastest (in terms of network speed) solution ?

- Is there an easier solution then to set up a route for every ip, when the 
ip's are part of a larger subnet and not continuous ?
And how will performane decrease as a function of the number of routes ?

Any hints apprechiated.


     
Daniel


_____________________________________________
Daniel Faller
Fakultaet fuer Physik
Abt. Honerkamp
Albert-Ludwigs-Universitaet Freiburg

Tel.: 0761-203-5875
Fax.: 0761-203-5967 
e-mail: Daniel.Faller@physik.uni-freiburg.de
URL:    http://webber.physik.uni-freiburg.de/~fallerd

Reply to:

Follow-Ups:
- Re: Proxy arp or bridge ?
  - From: "Ian Miller" <ian.miller@wiliam.com.au>

Prev by Date: Re: ipchains
Next by Date: Re: Proxy arp or bridge ?
Previous by thread: PGP 2.x/GnuPG compatibility problems
Next by thread: Re: Proxy arp or bridge ?
Index(es):
- Date
- Thread