Tom Eastep wrote:

>In this setup, I would simply set the 'proxyarp' option on all
>interfaces and not worry about entries in /etc/shorewall/proxyarp.

I have one question here. I use routing entries to direct traffic for specific IP addresses to the right VLAN, and proxy-arp takes care of the rest. If a device is misconfigured, it'll then send out ARP requests giving its own incorrect IP address as its source. As I understand it, the proxy ARP code will simply repeat that ARP request over the appropriate interface - which means we could "hijack" an IP address that's in use. So I definitely need to do <something> to prevent this - I know the misconfigured device won't actually get any replies, but it could still poison ARP caches on the network. Or have I missed something?

>And I
>would not use a bridge -- I would subnet the /24 and route between the
>VLANs.

Yes, that would be the ideal way, but for a variety of reasons it isn't going to happen. Not least, it would probably take weeks (or even months!) to shuffle stuff around - I could shift my stuff fairly quickly, but there's stuff I don't manage, and it can be "difficult" getting changes made. Amongst the changes needed would be to move the default gateway - which of course means reconfiguring everything on the network - while not updating the netmask on a few things might not be the end of the world. Very much a case of "I wouldn't start from here" if I had the choice.

Also, once I've got it working, there may be other sites we'd want to use it on where we wouldn't have the luxury of spare addresses. We've just lost one site where we had just a /28 (14 usable addresses) and over a dozen customers connected.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
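
A detection-side check for the situation raised in the message above, added here as an example and not part of the original post or of Shorewall: it parses captured ARP frames and flags any whose sender IP is allocated to a different VLAN interface than the one it arrived on. The interface names, addresses and the `ALLOCATION` table are constructed assumptions standing in for the per-IP routing entries.

```python
import ipaddress
import struct

# Assumed allocation mirroring the per-IP host routes in the post: each address
# belongs on exactly one VLAN interface (constructed names and addresses).
ALLOCATION = {"192.0.2.10": "eth0.10", "192.0.2.20": "eth0.20"}

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # too short or not ARP (VLAN tag assumed already stripped)
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack("!6s4s", frame[22:32])
    return sha.hex(":"), str(ipaddress.IPv4Address(spa))

def check_frame(iface, frame, allocation=ALLOCATION):
    """Return a finding if the ARP sender IP does not belong on iface, else None."""
    parsed = parse_arp(frame)
    if parsed is None:
        return None
    mac, spa = parsed
    if spa == "0.0.0.0":  # ARP probe: sender does not claim an address yet
        return None
    owner = allocation.get(spa)
    if owner is None:
        return f"{iface}: {mac} claims unallocated address {spa}"
    if owner != iface:
        return f"{iface}: {mac} claims {spa}, which is routed to {owner}"
    return None

def build_arp_request(mac, spa, tpa):
    """Build a constructed ARP request frame (sample input only)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha
    arp += ipaddress.IPv4Address(spa).packed + b"\x00" * 6
    arp += ipaddress.IPv4Address(tpa).packed
    return b"\xff" * 6 + sha + b"\x08\x06" + arp

if __name__ == "__main__":
    for iface, mac, spa in [("eth0.10", "02:00:00:00:00:0a", "192.0.2.10"),
                            ("eth0.10", "02:00:00:00:00:0b", "192.0.2.20")]:
        frame = build_arp_request(mac, spa, "192.0.2.1")
        print(check_frame(iface, frame) or f"{iface}: {spa} ok")
```
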
