Ryan Rich wrote:


I have gone through the shorewall documentation and read about aliasing, but I don't see anything that is similar to my situation. Does anyone have any suggestions on how to go about making this work or is it just too weird to have a network like this?


There's no way to do what you want unless both networks appear on both sides of your firewall (and all hosts on the LAN segments on both sides of the firewall have an address falling in both networks).

ARP is only used when communicating with a host in your own network.

This is where I am getting confused I guess.... obviously 138.23.aa/24 and 138.23.bb/24 would normally be on physically separate networks, but in my case they are not. I suppose someone had a reason for this, but I don't know why.

Now if I set up my LEAF box to have the addresses (this is where this gets weird I guess, since normally they would be on physically separate networks) 138.23.aa.xx netmask 255.255.255.0 (eth0) and 138.23.bb.xx netmask 255.255.255.0 (eth0:0) can I not proxy arp for addresses in both subnets on my dmz?

If hosts connected to eth0 issue ARP "who-has 138.23.aa.xx" when talking to that host AND issue ARP "who-has 138.23.bb.xx" when talking to that host then it will work. I suspect that those hosts are doing the first but not the second because hosts connected to eth0 are in the 138.23.aa.0/24 network and not the 138.23.bb.0/24 network.


-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
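
The following is an added example, not part of the original message or of Shorewall: a small Python model of the next-hop decision described above, showing which address a LAN host sends "who-has" for and therefore whether a proxy-ARP firewall ever gets a request it can answer. The function names are hypothetical, and because the thread elides the real subnets, the documentation ranges 192.0.2.0/24 and 198.51.100.0/24 stand in for the two networks.

```python
import ipaddress

def arp_target(host_addrs, default_gw, dest):
    """Return the IP a host will ARP for in order to reach dest.

    host_addrs: 'addr/prefix' strings configured on the host's LAN
                interface (primary address plus any aliases).
    default_gw: the host's default gateway, or None if it has none.
    Returns None when the destination is off-link and no gateway exists.
    """
    dest = ipaddress.ip_address(dest)
    for cidr in host_addrs:
        # On-link: dest falls inside one of the host's own networks,
        # so the host broadcasts "who-has dest" itself.
        if dest in ipaddress.ip_interface(cidr).network:
            return dest
    # Off-link: the host resolves its gateway's MAC, never dest's.
    return ipaddress.ip_address(default_gw) if default_gw else None

def proxy_arp_can_answer(host_addrs, default_gw, dmz_host):
    """True if the host broadcasts who-has for dmz_host, which is the
    only request a proxy-ARP firewall can answer on that host's behalf."""
    return arp_target(host_addrs, default_gw, dmz_host) == ipaddress.ip_address(dmz_host)

if __name__ == "__main__":
    # Constructed sample values (stand-ins for the elided subnets).
    gw = "192.0.2.1"
    single_homed = ["192.0.2.10/24"]                     # address in one network only
    dual_homed = ["192.0.2.10/24", "198.51.100.10/24"]   # address in both networks
    for name, addrs in (("single", single_homed), ("dual", dual_homed)):
        for dmz in ("192.0.2.77", "198.51.100.77"):
            print(name, dmz, "ARPs for", arp_target(addrs, gw, dmz),
                  "proxy ARP usable:", proxy_arp_can_answer(addrs, gw, dmz))
```
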



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html