On Thu, 8 Mar 2007 at 20:35 -0700, Michael Torrie wrote:
> On Thu, 2007-03-08 at 19:46 -0700, Hans Fugal wrote:
> > Can you tell I'm reworking my LAN?
> >
> > I have a public /29 subnet, meaning I get 6 public IPs. Amazingly
> > enough, I have 6 devices that could use a public IP. Perhaps even more
> > astounding, I on occasion have more devices that get a private IP in the
> > range 172.17.0.0/24.
> >
> > Here is how I want things to work:
> >
> > ISP -- cisco -- openwrt -- LAN
> >
> > cisco, openwrt, and 4 devices in the LAN have public IP addresses in the
> > same /29 subnet. I want openwrt to do NAT (as needed for the private
> > subnet), routing, and firewall.
>
> NAT is your answer.

Absolutely not. NAT is out of the question. NAT always causes more problems than it solves, even in enterprise. In enterprise, you have full-time sysadmins to go around chasing NAT issues and keeping a semblance of normalcy. I know, I used to be one. I will set my network up and just let it run. I will not be a slave to NAT. </rant>

> You can do this by either creating 4 virtual interfaces on the openwrt
> box, or using some kind of proxyarp solution.

Proxy ARP is the magic I needed. http://www.sjdjweis.com/linux/proxyarp/

It's working nearly perfectly. But for some reason the real MAC addresses are leaking through the openwrt and getting into the cisco's arp cache after a few (randomly distributed) minutes. Just how this is happening is a mystery to me. Do you know? The only thing I can think of is if my vlan is 'leaking'.

Thanks!

--
Hans Fugal ; http://hans.fugal.net

There's nothing remarkable about it. All one has to do is hit the right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
