Thanks for taking the time to reply!

Please let me rephrase my query (and simplify it) because it's not easy for me 
to explain so I'll try to lay it out straight.

loc: my local LAN with just 2 hosts: 10.215.147.1 and 10.215.144.1 with default 
gateway 10.215.144.91. Let's just suppose for a moment that these 2 hosts MUST 
have netmask /16.

net2: remote network I can't control and has just 2 hosts: 10.215.147.1 and 
10.215.0.1.

$FW: shorewall firewall controls loc <-> net2 and other zones. 
     $FW's LAN IP addr (facing 'loc'): 10.215.144.91/16 ; 
     $FW's IP addr facing 'net2': 172.20.11.62 netmask 255.255.255.240 
     $FW's only routing rule regarding traffic loc<->net2: "10.215.0.0 netmask 
255.255.255.0 gw 172.20.11.49" ; all other traffic routed to another interface.
     shorewall policy: 
       net2    loc     DROP
       loc     net2    DROP
     shorewall rules:
       ACCEPT loc:10.215.144.1 net2 all
       ACCEPT net2:10.215.0.1 loc all
     shorewall interfaces:
       loc $IF_LOC detect routeback,proxyarp=1,arp_filter=1
       net2 $IF_NET2 detect arp_filter=1

So in this simplified setup both hosts in 'loc' can communicate. Also, 
10.215.144.1 in 'loc' and 10.215.0.1 in 'net2' can communicate.
I do NOT require 10.215.144.1 in 'loc' to talk to 10.215.147.1 in 'net2'.

Also, I do NOT require 10.215.147.1 in 'loc' and 10.215.0.1 in 'net2' to talk 
to each other.

So with the above setup everything works fine because I don't need hosts with 
overlapping IP addresses in different zones to talk to each other.

However, a tech from the remote network has stated (without explaining why) 
that having a /16 netmask in 'loc' instead of a more narrow mask would generate 
too many broadcasts in his network (net2).
I'd like to know:
1) if this statement is correct given the above setup description.
2) if a higher broadcast is a "significant" network load.

Of course it would be better to have non-overlapping IP addresses and 
finer-defined netmasks but my assumption is that I don't want/need hosts with 
overlapping IP addresses to communicate (routing + shorewall iptables rules). 
On the other hand, I'd like to fully understand the broadcast issue and 
determine if it really is an "issue" or not.

Thanks,

Vieri
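As an added illustration of the question raised in the post (example code written here, not part of the original message or of Shorewall itself), the script below models, for the addresses given above, which destinations a host in 'loc' treats as on-link under a /16 mask versus an assumed narrower /24 mask. An on-link destination is resolved with an ARP broadcast on the local segment (which is why the firewall carries `proxyarp=1` on $IF_LOC), while an off-link destination is handed to the default gateway without any broadcast. It also computes the directed-broadcast address for each mask and checks which destinations the single route "10.215.0.0/24 via 172.20.11.49" actually covers. The /24 alternative and the `self` label for a host addressing its own IP are assumptions made for the example.

```python
"""Added example (not from the original post): model on-link vs. gateway
forwarding and broadcast addresses for the loc/net2 setup described above.
"""
from ipaddress import IPv4Address, IPv4Interface, IPv4Network

# Addresses taken from the post.
LOC_HOSTS = ["10.215.147.1", "10.215.144.1"]
LOC_GATEWAY = "10.215.144.91"
NET2_HOSTS = ["10.215.147.1", "10.215.0.1"]
# $FW's only route toward net2: "10.215.0.0 netmask 255.255.255.0 gw 172.20.11.49".
NET2_ROUTE = IPv4Network("10.215.0.0/24")


def broadcast_address(host: str, prefix: int) -> str:
    """Directed broadcast address of the subnet host/prefix.

    With /16 every host in loc sends subnet broadcasts to 10.215.255.255;
    with the assumed /24 they go to 10.215.144.255 (or 10.215.147.255).
    """
    return str(IPv4Interface(f"{host}/{prefix}").network.broadcast_address)


def next_hop(src: str, prefix: int, dst: str, gateway: str) -> str:
    """How src reaches dst under the given mask.

    'self'  -> dst is src's own address (assumed label for the example)
    'arp'   -> dst lies inside src's subnet, so src ARP-broadcasts for it
    <gateway> -> dst is off-link and is sent to the gateway unicast
    """
    if src == dst:
        return "self"
    local_net = IPv4Interface(f"{src}/{prefix}").network
    return "arp" if IPv4Address(dst) in local_net else gateway


def on_link_table(prefix: int) -> dict:
    """Next hop for every (loc host, net2 host) pair under the given mask."""
    return {(s, d): next_hop(s, prefix, d, LOC_GATEWAY)
            for s in LOC_HOSTS for d in NET2_HOSTS}


def arp_broadcast_count(prefix: int) -> int:
    """Number of loc->net2 pairs that are resolved by ARP broadcast on loc."""
    return sum(1 for hop in on_link_table(prefix).values() if hop == "arp")


def routed_toward_net2(dst: str) -> bool:
    """Does $FW's only net2 route cover dst?  Anything else follows the
    'all other traffic' route, including both subnet broadcast addresses."""
    return IPv4Address(dst) in NET2_ROUTE


if __name__ == "__main__":
    for prefix in (16, 24):
        print(f"/{prefix}: broadcast from 10.215.144.1 ->",
              broadcast_address("10.215.144.1", prefix),
              "| covered by net2 route:",
              routed_toward_net2(broadcast_address("10.215.144.1", prefix)))
        for pair, hop in on_link_table(prefix).items():
            print(f"  {pair[0]} -> {pair[1]}: {hop}")
        print(f"  ARP-broadcast pairs: {arp_broadcast_count(prefix)}")
```

Running it shows the two effects the mask actually has on this setup: under /16, 10.215.144.1 ARPs for 10.215.0.1 on the loc segment (so the firewall must answer via proxy ARP), whereas under /24 it simply unicasts to 10.215.144.91; and in both cases the loc subnet's broadcast address is not covered by the 10.215.0.0/24 route, so the broadcast domain and the route toward net2 do not intersect. The ARP traffic stays on loc either way; what the mask changes is how much of it there is and whether proxy ARP is required.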


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users