> I want to create a PROXY ARP entry on an interface (e.g. eth0),
> but this IP belongs to addresses NOT CONNECTED DIRECTLY on this interface.
Yeah, that's, hmm, an odd thing to want to do.
> Do you understand me?
Sort of. I know what you wish to do, and I _think_ I know why: You're
slightly confused about ARP :).
ARP is used to discover Layer-2 (MAC) addresses. Logically, then, when you
think about the way routing works, ARP is necessary ONLY for addresses on
the same subnet as the client's address. Proxy ARP allows the firewall to
respond to an ARP request for an address it does not physically have,
usually used for NAT addresses that are in the same subnet as the firewall's
interface that the NATed traffic comes in on.

If your NAT address is outside the firewall interface's subnet, all that's
needed is that the upstream router(s) know to route this traffic to the
firewall. Proxy ARPs are not necessary.

Go and study Layer-2/Layer-3 addressing interaction some more. It's an area
oft overlooked, as it seems so basic, yet a good understanding will do
wonders for the clarity of your network designs.
Regards
Shawn Behrens
Senior Security Engineer
CCMSE CCSE CCNA CNE
INTEGRALIS
Your Trusted Security Partner
111 Founders Plaza
13th Floor
East Hartford, CT 06108
USA
Tel: +1 860 291 0851
Fax: +1 860 291 0847
shawn.behrens AT integralis DOT com
www.integralis.com
> -----Original Message-----
> From: Mateo Cabrera - Security Advisor
> [mailto:mcabrera AT EASYNET.COM DOT UY]
> Sent: Tuesday, April 27, 2004 8:28 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] PROXY ARP, PROBLEM...!!!
>
> Regards,
>
> Mateo Cabrera - Technical Support
> Security Advisor
> IT security solutions
> Constituyente 1467 of. 802
> Tel/Fax: (598 2) 4004378
> 11200 Montevideo-Uruguay
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
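The rule from the reply above, written out as an added example that is not part of the original messages: for each NAT address, decide whether the firewall must answer ARP for it (the address is on-link for one of its interfaces) or whether an upstream route toward the firewall is what is needed. The function name, interface names and documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

def plan_nat_reachability(interfaces, nat_addresses):
    """Classify each NAT address by how traffic for it reaches the firewall.

    interfaces:    {name: "ip/prefix"} for the firewall's own interfaces.
    nat_addresses: iterable of NAT IPs as strings.
    Returns {ip: (action, interface_or_None)} where action is one of:
      "none"           - the firewall already owns the address, it answers ARP itself
      "proxy-arp"      - on-link for an interface; neighbours will ARP for it
      "upstream-route" - off-link; upstream routers must route it to the firewall
    """
    ifaces = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    plan = {}
    for raw in nat_addresses:
        ip = ipaddress.ip_address(raw)

        # Case 1: the address is configured on the firewall itself.
        owner = next((n for n, i in ifaces.items() if i.ip == ip), None)
        if owner is not None:
            plan[raw] = ("none", owner)
            continue

        # Case 2: the address falls inside a directly connected subnet.
        # Hosts and routers on that segment treat it as on-link and ARP for
        # it, so the firewall has to answer on that interface (proxy ARP).
        matches = [(n, i) for n, i in ifaces.items() if ip in i.network]
        if matches:
            # Prefer the most specific connected subnet if several contain it.
            name, _ = max(matches, key=lambda m: m[1].network.prefixlen)
            plan[raw] = ("proxy-arp", name)
            continue

        # Case 3: nobody on a connected segment will ever ARP for this
        # address; it only arrives if upstream routers forward it here.
        plan[raw] = ("upstream-route", None)
    return plan

if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    fw = {"eth0": "192.0.2.1/24", "eth1": "10.0.0.1/24"}
    nats = ["192.0.2.50", "198.51.100.10", "192.0.2.1"]
    for ip, (action, iface) in plan_nat_reachability(fw, nats).items():
        print(f"{ip:15} {action:15} {iface or '-'}")
```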