Hi, I've run into a network problem and I'm trying to figure out the quickest route out.
I have a shorewall router with several zones but I have different physical hosts with the same IP addresses in 2 different zones (lan and caib).

My interfaces file contains the following:

    lan     $IF_LAN     detect    routeback,proxyarp=1
    wan     $IF_WAN     detect    routeback,proxyarp=1
    caib    $IF_CAIB    detect
    dmz     $IF_DMZ     detect    dhcp,proxyarp=1
    road    ppp+

I need "lan" hosts to communicate with certain IP ranges in the caib zone (and that works fine). However, I don't want to allow traffic from "lan" to a specific IP range in "caib" (say, 10.215.146.0/24). At the same time, I want to be able to have hosts within the lan zone to have static IP addresses within 10.215.146.0/24.

Default firewall policy and rules are set up to block most traffic from caib<->lan zones. However, ARP requests still go through as expected. So if by any chance there's another host in the "caib" zone with the same IP address, the hosts in the "lan" zone will fail to assign their static IP address because a network conflict will arise, saying that there is a host in the caib zone with a certain MAC addr. that already has that IP address.

So is there a way for me to ignore or "poison" ARP messages for a specific IP range (e.g. 10.215.146.0/24) and just for the "caib" zone?

I know I can "switch ARP off" on a per-ethernet device basis but if I did that then wouldn't it clobber "legitimate" traffic to/from CAIB hosts that, say, are not within the 10.215.146.0/24 range?

Or is there any other solution, apart from changing the "lan" hosts' IP addresses to a non-overlapping value?

Thanks,

Vieri

PS: I've heard of "arptables" but haven't even tried it and am not sure it can help.
