Proxy ARP should not normally be used for routing. It was a compatibility hack, for when sub-netting was introduced, rather than the old fixed size networks based on Classes A, B & C.

A node incorrectly configured will perform an ARP, using the network mask, rather than the sub-network mask correct for its LAN. Proxy ARP means the router will reply to this ARP request, and give its MAC address to the source host, and then route the packet on to the destination from then on.

It is possible to use proxy ARP in creative ways. I've done it to reduce configuration on PCs running Windows, and solve the one-hop problem on multi-homed hosts, where clients address the other interface. But you really don't want to go near proxy ARP unless you really know why you're doing it, cos you'll just confuse yourself.

For your needs:

1) Decide if you want to route or bridge. Should hosts in your segments think they're in the same LAN, or a different one?

2) If you need firewalling then decide where your Internet perimeter network is (DMZ), and firewall between it and any of your interior networks. If your bad guys are internal, then treat them the same as for the net.

3) If there's still a requirement for transparent bridging, then look into using Linux bridge, but it'll be simpler and cheaper (if you cost your time) to simply buy a switching hub, at a few hundred dollars, unless you're doing this as a hobby. In which case why the complexity? Surely one LAN, and a packet filter/proxy firewall with dial up to the Internet will suffice.

Rob

----- Original Message -----
From: "Jason Chan <MIS Dept.>" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Tuesday, October 24, 2000 4:18 AM
Subject: RE: Setting up firewall on 2 interface within same subnet?

Do you have any idea, if I use Proxy-ARP to route the packets on the same subnet with IPchains filter or Bridge w/IPchains filter, which one will be a good F.W solution?? I'm just a little bit confused inside.
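The mask mismatch described in the reply above, as an added example that is not part of the original thread: it shows when a host ARPs directly for an address that is really on another subnet, and how to spot the resulting proxied entries in that host's ARP cache. The function names, addresses and MAC values are constructed for illustration.

```python
import ipaddress

def on_link(host_ip, prefix_len, dst):
    """True if a host with this address/prefix treats dst as on its own LAN
    and therefore ARPs for it directly instead of using its gateway."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    return ipaddress.ip_address(dst) in net

def relies_on_proxy_arp(host_ip, configured_prefix, lan_prefix, dst):
    """The host ARPs for dst (per its configured mask) although dst is on
    another subnet (per the LAN's correct mask). Only a router doing
    proxy ARP can answer that request."""
    return (on_link(host_ip, configured_prefix, dst)
            and not on_link(host_ip, lan_prefix, dst))

def audit_arp_cache(host_ip, lan_prefix, router_mac, arp_cache):
    """Return cached IPs outside the real LAN that resolved to the router's
    MAC, i.e. entries that exist only because the router proxied the reply."""
    hits = [ip for ip, mac in arp_cache.items()
            if mac.lower() == router_mac.lower()
            and not on_link(host_ip, lan_prefix, ip)]
    return sorted(hits, key=ipaddress.ip_address)

# Constructed sample: the host uses the classful /16 network mask, but its
# LAN is really the /24 sub-network 172.16.1.0/24.
HOST_IP = "172.16.1.10"
CONFIGURED_PREFIX = 16   # network mask the host was wrongly given
LAN_PREFIX = 24          # sub-network mask that is correct for its LAN
ROUTER_MAC = "02:00:00:00:00:01"
ARP_CACHE = {
    "172.16.1.1": "02:00:00:00:00:01",   # the router itself, genuinely on-link
    "172.16.1.20": "02:00:00:00:00:20",  # real neighbour on the same LAN
    "172.16.2.20": "02:00:00:00:00:01",  # other subnet, answered by the router
    "172.16.3.7": "02:00:00:00:00:01",   # other subnet, answered by the router
}

if __name__ == "__main__":
    for dst in ("172.16.1.20", "172.16.2.20", "10.0.0.1"):
        flag = relies_on_proxy_arp(HOST_IP, CONFIGURED_PREFIX, LAN_PREFIX, dst)
        print(f"{dst}: relies on proxy ARP = {flag}")
    print("proxied entries:",
          audit_arp_cache(HOST_IP, LAN_PREFIX, ROUTER_MAC, ARP_CACHE))
```

Several off-subnet addresses sharing the router's MAC in a host's cache is the usual sign that the host's mask is wrong and proxy ARP is covering for it.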

