Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
o: Gerlach, Hendrik Cc: tech@openbsd.org Subject: Re: Proxy ARP, but network interface specific On 2012/01/23 17:42, Gerlach, Hendrik wrote: > I know the man page, but this doesn't help me. Normally Proxy ARP is used at a > router. But we have the need to use it at a transparent Firewall.

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Stuart Henderson
On 2012/01/23 17:42, Gerlach, Hendrik wrote: > I know the man page, but this doesn't help me. Normally Proxy ARP is used at a > router. But we have the need to use it at a transparent Firewall. Typically on OpenBSD (and I think all BSDs) transparent firewalls have been implemented by bridging rath

Re: Proxy ARP, but network interface specific - rdomains

2012-01-23 Thread Gerlach, Hendrik
xey E. Suslikov Sent: Montag, 23. Januar 2012 16:58 To: tech@openbsd.org Subject: Re: Proxy ARP, but network interface specific Alexey E. Suslikov gmail.com> writes: > > So it seems that some code change is necessary. Are there some solutions, > > hints or papers or some idea

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
each interface. Hendrik -Original Message- From: owner-t...@openbsd.org [mailto:owner-t...@openbsd.org] On Behalf Of Alexey E. Suslikov Sent: Montag, 23. Januar 2012 16:58 To: tech@openbsd.org Subject: Re: Proxy ARP, but network interface specific Alexey E. Suslikov gmail.com> writes: &

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
t: Re: Proxy ARP, but network interface specific On Mon, 23 Jan 2012 12:11:26 +0100 "Gerlach, Hendrik" wrote: > Hi, > > we use OpenBSD in a transparent firewall configuration. > > Because of different reasons we have the need for proxy-ARP at > firewall'

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Alexey E. Suslikov
Alexey E. Suslikov gmail.com> writes: > > So it seems that some code change is necessary. Are there some solutions, > > hints or papers or some ideas that could help us ? > > You can try to cook something using vether(4) and bridge(4). ... or maybe using rdomain - man ifconfig(4) Alexey

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gregory Edigarov
On Mon, 23 Jan 2012 12:11:26 +0100 "Gerlach, Hendrik" wrote: > Hi, > > we use OpenBSD in a transparent firewall configuration. > > Because of different reasons we have the need for proxy-ARP at > firewall's internal network interface. To avoid information lost > (e.g. by ARP-Scanning) at the ex

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Alexey E. Suslikov
Gerlach, Hendrik siemens.com> writes: > In opposite to Linux it seems to be impossible in OpenBSD to add proxy ARP > entries only for a specific network interface (missing option for the ARP > command) nor to disable proxy ARP at all for some interfaces (sysctl or > ifconfig option). > > So it s

Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
Hi, we use OpenBSD in a transparent firewall configuration. Because of different reasons we have the need for proxy-ARP at firewall's internal network interface. To avoid information lost (e.g. by ARP-Scanning) at the external interface it's necessary to allow proxy ARP only for the internal side