o: Gerlach, Hendrik
Cc: tech@openbsd.org
Subject: Re: Proxy ARP, but network interface specific
On 2012/01/23 17:42, Gerlach, Hendrik wrote:
> I know the man page, but this doesn't help me. Normally Proxy ARP is used at
a
> router. But we have the need to use it at a transparent Firewall.
On 2012/01/23 17:42, Gerlach, Hendrik wrote:
> I know the man page, but this doesn't help me. Normally Proxy ARP is used at a
> router. But we have the need to use it at a transparent Firewall.
Typically on OpenBSD (and I think all BSDs) transparent firewalls have
been implemented by bridging rath
xey E. Suslikov
Sent: Montag, 23. Januar 2012 16:58
To: tech@openbsd.org
Subject: Re: Proxy ARP, but network interface specific
Alexey E. Suslikov gmail.com> writes:
> > So it seems that some code change is necessary. Are there some solutions,
> > hints or papers or some idea
each interface.
Hendrik
-Original Message-
From: owner-t...@openbsd.org [mailto:owner-t...@openbsd.org] On Behalf Of
Alexey E. Suslikov
Sent: Montag, 23. Januar 2012 16:58
To: tech@openbsd.org
Subject: Re: Proxy ARP, but network interface specific
Alexey E. Suslikov gmail.com> writes:
&
t: Re: Proxy ARP, but network interface specific
On Mon, 23 Jan 2012 12:11:26 +0100
"Gerlach, Hendrik" wrote:
> Hi,
>
> we use OpenBSD in a transparent firewall configuration.
>
> Because of different reasons we have the need for proxy-ARP at
> firewall'
Alexey E. Suslikov gmail.com> writes:
> > So it seems that some code change is necessary. Are there some solutions,
> > hints or papers or some ideas that could help us ?
>
> You can try to cook something using vether(4) and bridge(4).
... or maybe using rdomain - man ifconfig(4)
Alexey
On Mon, 23 Jan 2012 12:11:26 +0100
"Gerlach, Hendrik" wrote:
> Hi,
>
> we use OpenBSD in a transparent firewall configuration.
>
> Because of different reasons we have the need for proxy-ARP at
> firewall's internal network interface. To avoid information lost
> (e.g. by ARP-Scanning) at the ex
Gerlach, Hendrik siemens.com> writes:
> In opposite to Linux it seems to be impossible in OpenBSD to add proxy ARP
> entries only for a specific network interface (missing option for the ARP
> command) nor to disable proxy ARP at all for some interfaces (sysctl or
> ifconfig option).
>
> So it s
Hi,
we use OpenBSD in a transparent firewall configuration.
Because of different reasons we have the need for proxy-ARP at firewall's
internal network interface. To avoid information lost (e.g. by ARP-Scanning)
at the external interface it's necessary to allow proxy ARP only for the
internal side