Erich Titl wrote:

> Charles
> 
> At 06:57 16.07.2004 -0500, Charles Steinkuehler wrote:
> > Erich Titl wrote:
> > > Charles
> > > Interesting approach. Do you do any MAC-based filtering?
> > 
> > Not at the moment... filtering is strictly based on IP (and on the interface a system is connected to).
> 
> Thanks, one more question though. IIRC you can only proxy-ARP a single address per interface. Do you have single hosts on these interfaces? Because in my case we will have parts of the entire net being fed off the interfaces.

Where did you get that idea?

Proxy-arp is based on the kernel routing tables, so you can do pretty much anything that's possible with IP routing.

Of course, it's easier to make sense of your network (and create the routing rules) if you lump the machines on each interface into natural groups specifiable with one (or a few) CIDR masks.

By way of example, assume a /24 public network a.b.c.x connected to eth0, and you want to carve out 4 DMZ networks. A possible routing setup for this might look something like:

# By default assume an IP is on the upstream interface, not behind
# the firewall ('dev' pins the route to an interface; 'via' would
# expect a next-hop address)
ip route add a.b.c.0/24 dev eth0

# Create a 'big' DMZ for most public hosts
ip route add a.b.c.0/25 dev eth1        # First 128 IPs
ip route add a.b.c.128/26 dev eth1      # Next 64 IPs

# 32 IPs for personal machines
ip route add a.b.c.192/27 dev eth2

# 16 IPs for friend's DMZ
ip route add a.b.c.224/28 dev eth3

# 16 IPs for testing DMZ
ip route add a.b.c.240/28 dev eth4

# 'big DMZ' machine in testing temporarily for quarantine
# note more specific route to .66 overrides .0/25 route, above
ip route add a.b.c.66/32 dev eth4

i.e., you can chop up your networks any way you want... you just have to build the appropriate routing rules and enable proxy-ARP on all appropriate interfaces (eth0-4, above).

--
Charles Steinkuehler
[EMAIL PROTECTED]
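An added example (not code from the original post or from the LEAF project) that models the routing table above with longest-prefix matching, so the quarantine override can be checked before touching a live firewall, and that prints the commands installing the table and enabling proxy-ARP. It assumes the RFC 5737 range 203.0.113.0/24 in place of a.b.c.0/24 and reuses the eth0-eth4 names from the post; net.ipv4.conf.<if>.proxy_arp and net.ipv4.ip_forward are the standard Linux sysctls.

```shell
#!/bin/sh
# Added example, not from the original post or the LEAF project.
# Models the proxy-ARP routing table from the post and prints the commands
# that install it. Assumptions: 203.0.113.0/24 (an RFC 5737 test range)
# stands in for a.b.c.0/24; eth0-eth4 are the interface names from the post.

# One "prefix/len interface" entry per line, in the same order as the post.
# Order is irrelevant to the kernel: it always picks the longest matching
# prefix, which is why the /32 quarantine route beats the /25 DMZ route.
ROUTES='
203.0.113.0/24 eth0
203.0.113.0/25 eth1
203.0.113.128/26 eth1
203.0.113.192/27 eth2
203.0.113.224/28 eth3
203.0.113.240/28 eth4
203.0.113.66/32 eth4
'

# Dotted quad -> unsigned 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Longest-prefix match over ROUTES: print the interface the kernel would
# route (and therefore proxy-ARP) the address in $1 to; empty if no match.
lookup() {
    addr=$(ip2int "$1")
    best_len=-1
    best_dev=''
    while read -r prefix dev; do
        [ -n "$prefix" ] || continue
        net=$(ip2int "${prefix%/*}")
        len=${prefix#*/}
        # Netmask with the top $len bits set (4294967295 is 0xFFFFFFFF).
        mask=$(( 4294967295 - ((1 << (32 - len)) - 1) ))
        if [ $(( addr & mask )) -eq $(( net & mask )) ] && [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_dev=$dev
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best_dev"
}

# Print the commands that install the table on the firewall (run them as
# root). 'ip route' pins a route to an interface with 'dev'; 'via' expects a
# next-hop address, so 'via eth1' is rejected. 'replace' is used so the /24
# does not collide with the connected route that eth0's own address creates.
install_commands() {
    while read -r prefix dev; do
        [ -n "$prefix" ] || continue
        echo "ip route replace $prefix dev $dev"
    done <<EOF
$ROUTES
EOF
    # proxy_arp goes on every interface in the table: eth0 so the firewall
    # answers upstream ARP for the DMZ hosts, eth1-4 so DMZ hosts can reach
    # the rest of the /24 (and each other) through the firewall.
    for dev in $(printf '%s\n' "$ROUTES" | awk 'NF { print $2 }' | sort -u); do
        echo "sysctl -w net.ipv4.conf.$dev.proxy_arp=1"
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# With an address argument, show where it routes; otherwise print the
# install commands.
if [ "$#" -gt 0 ]; then
    lookup "$1"
else
    install_commands
fi
```

Because the per-interface filtering mentioned earlier in the thread keys on which interface a host sits behind, a route that lands a host on the wrong interface silently moves it into a different filter zone; after installing the table, `ip route get 203.0.113.66` on the firewall should report `dev eth4`, and the same address queried through `lookup` above gives the answer to expect.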


leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
