When bridging on OpenBSD, the OpenBSD bridge has a problem with ARP....

Post by deja » Sat, 03 Feb 2001 00:08:12



My hardware platform:

    CPU - Intel Pentium III - 933MHz
    NIC - fxp0, fxp1 (100baseTX full-duplex)

What I have already done:

    /etc/sysctl.conf

    #net.inet.ip.forwarding=1 --> net.inet.ip.forwarding=1

    /etc/rc.conf

    ipfilter=NO  -->  ipfilter=YES
    ipnat=NO     -->  ipnat=YES

    /etc/hostname.fxp0

    inet 192.168.0.3 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
    up

    /etc/hostname.fxp1

    inet 10.0.0.1 255.0.0.0 NONE media 100baseTX mediaopt full-duplex
    up

    /etc/bridgename.bridge0

    add fxp0 add fxp1 up

    /usr/src/sys/conf/GENERIC: add the following two lines

    option GATEWAY
    option IPFORWARDING

    Rebuild the kernel.

    Finally, reboot.

My First Network Topology:

                           |-------------|                 / Win2000 (192.168.0.4)
    Win2000 ---------------| OpenBSD 2.8 |------ HUB -----<
    (192.168.0.2)     fxp1 |-------------| fxp0            \ Win2000 (192.168.0.5)
                   (10.0.0.1)         (192.168.0.3)

  As you see above, we are in a NAT environment.

  We bridge fxp0 and fxp1.

  When we FTP-download from 192.168.0.4 or 192.168.0.5 to 192.168.0.2,
we can get almost full speed, say 100Mbps.

My Second Network Topology:

                           |-------------|                 / RedHat 7.0 (192.168.0.4)
    Win2000 ---------------| OpenBSD 2.8 |------ HUB -----<
    (192.168.0.2)     fxp1 |-------------| fxp0            \ RedHat 7.0 (192.168.0.5)
                   (10.0.0.1)         (192.168.0.3)

  What makes me crazy is.....

  In this topology, we cannot get more than 10Mbps....

My Suspicion:

  As far as I know, Linux has problems with ARP.

  The OpenBSD bridge is assumed to be influenced by Linux's ARP problem.

  Is there anyone who can answer this problem???

  Please email me....
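The post above bridges fxp0 and fxp1 with bridge(4). The following Python model of a learning bridge is an added example, not code from the post, and shows what a transparent bridge does with the frames exchanged between the hosts in the two diagrams: it learns MAC addresses per port, floods ARP broadcasts, and forwards unicast only to the port where the destination was learned, without ever looking at IP addresses, the NAT setup, or the hosts' operating systems. Host MAC addresses are constructed; fxp0 and fxp1 are the port names from the post.

```python
"""Toy model of a learning Ethernet bridge such as OpenBSD's bridge(4)
with fxp0 and fxp1 as members.  Added example, not code from the post.
Hosts and MAC addresses are constructed; the port names fxp0 and fxp1
are the ones used in the post."""

from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# An Ethernet frame reduced to the two fields a bridge looks at.  The
# bridge never inspects IP addresses, so NAT or forwarding settings on
# the host do not change any decision made here.
Frame = namedtuple("Frame", "src dst")


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC address -> port it was last seen on

    def receive(self, port, frame):
        """Return the list of ports the frame is transmitted on."""
        if port not in self.ports:
            raise ValueError(f"unknown bridge port {port!r}")
        # Learning: the source MAC is reachable through the ingress port.
        self.table[frame.src] = port
        others = [p for p in self.ports if p != port]
        if frame.dst == BROADCAST or frame.dst not in self.table:
            # Broadcasts (ARP requests) and unknown unicasts are flooded to
            # every port except the one they arrived on.
            return others
        out = self.table[frame.dst]
        # Destination on the same segment as the sender: filter the frame.
        return [] if out == port else [out]


# Constructed MAC addresses for the hosts in the post's diagrams.
MAC_192_168_0_2 = "02:00:00:00:00:02"   # host directly on fxp1
MAC_192_168_0_4 = "02:00:00:00:00:04"   # host on the hub behind fxp0
MAC_192_168_0_5 = "02:00:00:00:00:05"   # host on the hub behind fxp0


def ftp_session_frames():
    """Replay the frames of 192.168.0.4 talking to 192.168.0.2 across the
    bridge and return the learned table plus the ports each frame went to."""
    bridge = LearningBridge(["fxp0", "fxp1"])
    trace = []
    # 1. ARP request "who has 192.168.0.2?" is a broadcast: flooded to fxp1.
    trace.append(bridge.receive("fxp0", Frame(MAC_192_168_0_4, BROADCAST)))
    # 2. ARP reply is unicast and the bridge already learned .4 on fxp0.
    trace.append(bridge.receive("fxp1", Frame(MAC_192_168_0_2, MAC_192_168_0_4)))
    # 3. Data now flows only between fxp0 and fxp1, in both directions.
    trace.append(bridge.receive("fxp0", Frame(MAC_192_168_0_4, MAC_192_168_0_2)))
    trace.append(bridge.receive("fxp1", Frame(MAC_192_168_0_2, MAC_192_168_0_4)))
    # 4. Traffic between .5 and .4, both on the hub side, is filtered: the
    #    hub delivers it directly and the bridge sends nothing to fxp1.
    trace.append(bridge.receive("fxp0", Frame(MAC_192_168_0_5, MAC_192_168_0_4)))
    return bridge.table, trace


if __name__ == "__main__":
    table, trace = ftp_session_frames()
    for mac, port in sorted(table.items()):
        print(f"{mac} learned on {port}")
    print("forwarding decisions:", trace)
```

Nothing in this logic changes with the end host's operating system, so the bridge's forwarding decisions alone cannot account for a difference between the two topologies; the model also shows why a bridge with IP forwarding and NAT enabled on the same box still passes the bridged traffic untouched at layer 2.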

 
 
 

I'm Desperate: Proxy ARP and Bridging without the Bridge

Hi everyone! I have a quick question about proxy ARP. I've been trying
to get this thing working for days, and I can't seem to find any
documentation on this matter whatsoever, so I'm hoping somebody out
there who knows a lot about networking (which isn't me!) can answer my
question!

I have some computers on a network 128.2.24.0, with a netmask of
255.255.252.0 (/22 I think?). The router is at 128.2.24.1. I wanted to
set up a "transparent firewall" with proxy ARP and iptables and
friends. Naturally, I made a box with two network interfaces (it has
two IPs, .68 and .69), and put my laptop on one side for testing,
and the public network is on the other side. I set up a static route
for my laptop on the firewall, and I can ping it from the firewall,
and can ping outside nodes from the firewall. The problem is, when I
enable proxy ARP and IP forwarding, it only works for nodes in my
subnet (128.2.24.0/255.255.252.0)! I can ping outside hosts (still in
my subnet) from my laptop, and from machines in my subnet I can ping
my laptop too, so proxy ARP seems to be working. When I try to ping a
host on the Internet (not even on the rest of the 128.2.0.0/16
network), it doesn't work! Neither do any nodes outside
128.2.24.0/255.255.252.0. It's like every time it needs the router to
route traffic, it doesn't work! I placed a protocol analyzer on the
outside, and I see the replies come back from the external test hosts,
but they never reach the other side of my firewall. They are
addressed to the computer on the other side (with a destination MAC
address of 0:0:0:0:0:1?), but shouldn't the firewall "proxy" (i.e. act
as it) and accept those packets and forward them on? I even tried
putting the outside interface in promiscuous mode! Nothing seems to
work! Do I need to put a route on the 128.2.24.1 router, telling it
about my firewall? But isn't this a "pseudo bridge"? Or is it the
router's ARP cache? I can't force it to expire (I don't have access to
it), so I can't verify that, unfortunately. A route isn't an option
either, so I hope I don't need one. Somebody in the CS department here
has done it, but they have their own CS router, so maybe he added a
route for his firewall on it... I'm lost!

Thanks for any reply and your time,

Jeff.
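The post above asks whether the router's ARP cache is what keeps the replies from reaching the laptop. The following Python model of proxy ARP between a router and a two-interface firewall is an added example, not code from the thread, and walks through the three states the router's cache can be in: empty (the firewall answers the ARP request with its own MAC and the reply is forwarded), holding a stale entry (frames leave with a MAC the firewall does not own and are dropped before forwarding, promiscuous mode or not), and refreshed by an ARP announcement from the firewall. The firewall's MAC and the laptop's address 128.2.24.70 are constructed assumptions (the post gives only the firewall's .68/.69 and the router's .1); the stale MAC 0:0:0:0:0:1 is the one seen on the analyzer in the post.

```python
"""Toy model of proxy ARP between a router and a two-interface firewall,
following the layout in the post above.  Added example, not from the
thread.  MAC addresses and the laptop address are constructed
assumptions; the stale MAC is the one the post saw on the analyzer."""

from ipaddress import ip_address, ip_network

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBNET = ip_network("128.2.24.0/22")
ROUTER_IP = ip_address("128.2.24.1")
LAPTOP_IP = ip_address("128.2.24.70")          # assumption: laptop behind the firewall
FW_OUTSIDE_MAC = "02:00:00:00:00:68"           # constructed
STALE_MAC = "00:00:00:00:00:01"                # as seen on the analyzer in the post


class ProxyArpFirewall:
    """Outside interface of the firewall.  It answers ARP for hosts that
    live behind its inside interface and forwards only frames addressed
    to its own MAC."""

    def __init__(self, outside_mac, inside_hosts):
        self.mac = outside_mac
        self.inside_hosts = set(inside_hosts)

    def arp_reply(self, target_ip):
        # Proxy ARP: claim the address of every host behind the firewall.
        return self.mac if target_ip in self.inside_hosts else None

    def will_forward(self, dst_mac, promiscuous=False):
        # The IP forwarding path only takes frames sent to this interface
        # (or broadcast).  Promiscuous mode hands other frames to a
        # sniffer, not to IP forwarding, so the flag changes nothing here.
        return dst_mac in (self.mac, BROADCAST)

    def gratuitous_arp(self):
        # (ip, mac) announcements the firewall can send so neighbours
        # update an existing entry for a proxied host.
        return [(ip, self.mac) for ip in self.inside_hosts]


class ArpCache:
    """The router's ARP cache for the /22."""

    def __init__(self, entries=None):
        self.entries = dict(entries or {})

    def resolve(self, ip, responder):
        mac = self.entries.get(ip)
        if mac is None:                     # cache miss: broadcast an ARP request
            mac = responder.arp_reply(ip)
            if mac is not None:
                self.entries[ip] = mac
        return mac

    def hear_announcement(self, ip, mac):
        # RFC 826 behaviour: an existing entry is updated when any ARP
        # packet from that sender IP is seen.
        if ip in self.entries:
            self.entries[ip] = mac


def reply_reaches_laptop(cache, fw, promiscuous=False):
    """The router has a packet from the Internet for the laptop and puts
    it on the wire.  Returns (destination MAC used, forwarded by firewall)."""
    assert LAPTOP_IP in SUBNET and ROUTER_IP in SUBNET
    mac = cache.resolve(LAPTOP_IP, fw)
    if mac is None:
        return None, False
    return mac, fw.will_forward(mac, promiscuous)


def scenario():
    fw = ProxyArpFirewall(FW_OUTSIDE_MAC, [LAPTOP_IP])
    results = {}
    # 1. Router has no entry: it ARPs, the firewall answers, reply forwarded.
    results["fresh_cache"] = reply_reaches_laptop(ArpCache(), fw)
    # 2. Router holds a stale entry for the laptop: frames leave with the
    #    wrong destination MAC and the firewall never forwards them.
    stale = ArpCache({LAPTOP_IP: STALE_MAC})
    results["stale_cache"] = reply_reaches_laptop(stale, fw)
    results["stale_cache_promisc"] = reply_reaches_laptop(stale, fw, promiscuous=True)
    # 3. The firewall announces the address; the router updates its entry.
    for ip, mac in fw.gratuitous_arp():
        stale.hear_announcement(ip, mac)
    results["after_announcement"] = reply_reaches_laptop(stale, fw)
    return results


if __name__ == "__main__":
    for name, (mac, ok) in scenario().items():
        print(f"{name:22s} dst={mac}  forwarded={ok}")
```

The model also explains why hosts inside the /22 could reach the laptop while anything routed could not: those hosts issued their own ARP requests and got the firewall's answer, whereas off-subnet traffic depends entirely on whatever the router's cache holds. Whether a real router accepts unsolicited announcements varies; accepting them is the same behaviour that makes ARP caches spoofable, so many routers ignore or rate-limit them and the entry then has to age out on its own.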
