Hi Alexey,

Thank you for the 2 hints.

I have to think about how vether can help in my case. Using routing domains is a solution that would be more obvious to me. But so far we decided not to use routing domains in any case (we are at OBSD 4.8). We don't know how stable they are in any case and they would change our firewall concept. Maybe we have to rethink this. Having the trusted interface in 2 routing domains (as far as I know not possible) and having a rdomain option for arp (doing the proxy arp entry) could be a nice solution.

Another idea I had was to tag ARP response packets that come via proxy arp routing table entries, but how to do this easily? We have a self-made packet filter for layer 2 packets, where we could check the tag at each interface.

Hendrik

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Alexey E. Suslikov
Sent: Montag, 23. Januar 2012 16:58
To: [email protected]
Subject: Re: Proxy ARP, but network interface specific

Alexey E. Suslikov <alexey.suslikov <at> gmail.com> writes:

> > So it seems that some code change is necessary. Are there some solutions,
> > hints or papers or some ideas that could help us ?
>
> You can try to cook something using vether(4) and bridge(4).

... or maybe using rdomain - man ifconfig(4)

Alexey
