Giacomo Mulas wrote:
> Another solution for even more complete transparency is to use a
> firewalling bridge, see http://bridge.sourceforge.net for more resources
> on that. The latter solution is probably the best, as it even allows to
> set up two identical machines side by side, and they will automagically
> agree that one actually does bridging while the other sits in standby,
> ready to take over with virtually no downtime should the first one fail
> (hardware problems hurt...). But this extra flexibility comes at a cost:
> you have to patch the kernel, learn to use some more user space tools to
> handle the bridging part, probably use both iptables and ebtables (you
> find patches and user space tools at the URL above), the former to handle
> IP, the latter to handle firewalling of network protocols other than IP.
>
> The (simpler) working solution I have here is just based on
> proxy-arp+iptables.

You can do all of this very simply with 2 gate, vrrpd and a little script (to activate proxy-arp on the spare box)

> > I would probably have a dhcp server setup to assign the
> > workstations their IP's and set their gateway to that of
> > the Debian's eth1. (x.x.x.252)
>
> which means that you can easily handle the configuration of the clients
> and don't need proxy-arp.

You'll need it on the side of the cisco.

Wacquiez Sébastien

