I couldn't find this on the FreeBSD.org site. Perhaps I didn't look in
the right place?

I am trying to figure out how to set up an arp proxyall machine as a
firewall.

The site has only one network, and not enough space to subnet it.
It is fed with ADSL, and the ADSL router does not have any filtering
capability. The IP addresses below are just an example.

          DSL box
          192.9.200.1
               !
               !
        -------------- addr 192.9.200.0 mask 0xfffffff0 "outside"
               !
               !
          de0 ?
          FreeBSD box
          de1 192.9.200.2
               !
               !
        -------------- addr 192.9.200.0 mask 0xfffffff0 "inside"

The FreeBSD machine will have ipfw rules to allow or deny
stuff as needed.

The idea is that the devices on the "inside" network will be able to
spot the router via the arp proxy magic. Similarly, the router will
also be able to spot inside devices via the arp proxy stuff.

But the packets need to be able to be routed once they get into the
FreeBSD machine. So de1 would have to have a route to the
192.9.200 network, but how does de0 find the router? I can't
add a 2nd route to the 192.9.200 network (it would only use one in
any case).

Does it work if I give de1 a 192.9.200 address and de0 192.9.200.2
with a netmask of 0xffffffff? Would the arpproxy stuff allow it to
find the router?

Is anyone doing this sort of thing?

--
tr 'a-z' 'n-za-m' : Happy Happy Joy Joy Happy Happy Joy Joy
or remove nospam in From: line : Happy Happy Joy Joy Happy Happy Joy Joy
http://www.kfu.com/~nsayer/ : Happy Happy Joy Joy Joy"