[TCLUG] Proxy ARP?

Sat Jun 30 14:31:15 CDT 2001

Gabe is correct in that there's a readily documented solution to this on
OpenBSD. The internal NIC should have a non-routable IP so your local
network can maintain the bridging router. The external NIC would not have
an IP. You *could* just not assign an IP to any NICs and then you'd just
have to go the console to admin it.

Just a note, given all the IPF->pf wierdness in *BSD and OpenBSD lately...
The stock 2.9 distro has IPF. You can also apply the patches at
http://www.openbsd.org/errata.html AND/OR track the patch branch. The only
OpenBSD that *doesn't* have IPF support is the -current source tree.
You'll have to get it installed using a stock distro first anyway so you
still get to use IPF. (pf is coming out shortly)

Josh

On Sat, 30 Jun 2001, Gabe Turner wrote:

> > Is proxy arp the way for me to go or is there a better way for me to get
> > there?
>
> Well, I've never used proxy arp, but this can be done with openbsd.  You
> put two NICs in your machine, one for incoming connection, one that
> goes to a hub/switch for your other machines.  Neither of the interfaces
> needs to use one of your "live" IP addresses.  In fact, I don't think they
> need IPs at all.  OpenBSD has a device called bridge0 that you would tell
> IPF to use.
>
> It's not a simple task and will require quite a bit of reading.  But once
> you've got it up, it's a perfectly transparent bridge.  You tell IPF which
> packets you want to throw away and it does so as they come across the line.
> I love having machines that people can ssh into, but can't ping. :)
>
> Now, OpenBSD isn't your only solution.  The exact same thing can be
> accomplished in Free and NetBSD as well, and I believe in Linux too, though
> I haven't played with bridging in Linux.
>
> I thought someone mentioned it maybe a month or so ago... Did you check the
> archives?
>
> Gabe
> --
> ------------------------------------------------------------------------
> Gabe Turner                                             gabe at msi.umn.edu
> SGI Origin Systems Administrator,
> University of Minnesota Supercomputing Institute
>  for Digital Simulation and Advanced Computation         www.msi.umn.edu
> ------------------------------------------------------------------------
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>