double proxy arp ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: double proxy arp ?
- From: Marc Dubrowski <marcus_(_at_)_kbinirsnb_(_dot_)_be>
- Date: Wed, 19 Apr 2000 10:16:01 +0200
- Organization: KBINIRScNB
- Reply-to: marcus_(_at_)_kbinirsnb_(_dot_)_be
Hi,
I'm in charge of building a firewall for my company, at low cost.
My goal is to create two subnets: one for the DMZ and one for the servers;
the PCs are on 192.168.x.x subnets.
As we don't have access to our router, which is provided by our ISP, I want to
proxy arp the requests from the net through a packet-filter OpenBSD box. The
network should in the end look like this:
Internet
|
------------------------------ |
| 193.x.x.0/24 -------------
| --------------- router
| | 190.x.x.1
| | subnet -------------
| | 193.x.x.0/29 |
| | ----------------
| --------------- 190.x.x.2
|
| proxyarp/filter
| ---------------
| | 190.x.x.5
| | subnet ----------------
| | 193.x.x.4/28 |
| | |
| |
| | DMZ
| | (1 bastion host)
| |
| |
| | |
| | |
| | ----------------
| | 190.x.x.10
| ---------------
| internal router
| (openbsd filter) (proxyarp ?)
| ---------------
| | 190.x.x.13
| | subnet -----------------
| | 193.x.x.12/25 |
| | ----------------------------
| | Internal subnet
| ---------------
|
---------------------------------------------
The problem is that there will still be one server in the internal network that
will have to be accessible from the internet for telnet access.
I thought I could do a double proxyarp on both OpenBSD boxes, but it doesn't
seem to work.
I noticed that Linux's arp program could proxyarp to subnets, not only to
hosts. But I don't want to use Linux and lose ipf's power and easiness.
What would be the solution for this?
Any idea?
Thanks in advance
Marc
--
Marc Dubrowski
Kind of a Network Administrator
K.B.I.N.I.R.Sc.N.B.
29 rue Vautier B-1040 Brussels, Belgium