--- On Tue, 11/27/12, Simon Hobson <[email protected]> wrote:
> Though if you have something trying to contact lots of IP addresses,
> it will do more ARP lookups rather than directing the packets via the
> default gateway when they aren't on the same subnet.

Now that you mention it, in my simplified example, if I ping from 'loc' host at
10.215.144.1 to 'net2' host at 10.215.0.1 and run this on the shorewall
firewall ('loc' interface):

    tcpdump -n -i $IF_LOC "broadcast"
    20:37:20.270910 arp who-has 10.215.0.1 tell 10.215.144.1

So maybe this is what the tech guy meant. It doesn't affect his 'net2' network
but may affect mine ('loc' is a mixed 1G-100Mbps network).

A basic question: should I expect an "arp who-has" on Shorewall's $IF_LOC
(eth0) for an IP address that according to the firewall's routing table should
be found via $IF_NET2 (eth2)?

If 10.215.144.1 didn't have netmask /16 then I guess the "arp who-has" wouldn't
take place and it could still talk to 10.215.0.1 via the shorewall box/router.
Am I right?

Vieri
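
An added illustration, not part of the original message or of Shorewall: a model of the sending host's next-hop decision, showing which address it broadcasts "arp who-has" for under the /16 netmask from the message and under a narrower one. The gateway address 10.215.144.254 and the /20 alternative are assumptions chosen for the example.

```python
import ipaddress

def arp_target(src_ip, prefix_len, gateway, dst_ip):
    """Return the IP address a host will ARP for when sending to dst_ip.

    The host's routing table is modelled as two entries: the connected
    (on-link) route implied by its own address/netmask, and a default route.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    gw = ipaddress.ip_address(gateway)
    dst = ipaddress.ip_address(dst_ip)

    # A default gateway is only usable if it is itself reachable on-link.
    if gw not in iface.network:
        raise ValueError(f"gateway {gw} is not inside {iface.network}")

    routes = [
        (iface.network, None),                    # connected: deliver directly
        (ipaddress.ip_network("0.0.0.0/0"), gw),  # everything else: via gateway
    ]
    # Longest-prefix match, as the kernel's route lookup does.
    matches = [(net, via) for net, via in routes if dst in net]
    _net, via = max(matches, key=lambda r: r[0].prefixlen)

    # On-link destination: ARP for the destination itself.
    # Routed destination: ARP for the gateway; the router forwards the packet.
    return str(dst if via is None else via)

if __name__ == "__main__":
    HOST = "10.215.144.1"      # 'loc' host from the message
    DEST = "10.215.0.1"        # 'net2' host from the message
    GW = "10.215.144.254"      # assumed firewall address on 'loc'
    for plen in (16, 20):      # /16 as in the message, /20 as an assumed fix
        print(f"/{plen}: arp who-has {arp_target(HOST, plen, GW, DEST)} tell {HOST}")
```

With /16 the host treats 10.215.0.1 as on-link and broadcasts for it directly, which matches the tcpdump line above; with the narrower mask it only ever ARPs for the gateway.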