Simon Matter wrote: >I'm afraid I don't really understand all details and also I don't have any >experience with ADSL/PPPoE stuff. But I have something using Cable here >which looks a bit similar so maybe you could try like so: > >on the firewall: >ppp0 is 192.0.2.1/32 >eth0 is 192.168.1.1/24 >default gw is via ppp0 (don't know exactly how this looks like with ppp) > >then do proxyarp with shorewall on the firewall: >192.0.2.2 eth0 ppp0 >192.0.2.3 eth0 ppp0 >192.0.2.4 eth0 ppp0 > >now connect clients to eth0 and configure them like this (yes, I know "ip" >is there...): > >ifconfig eth0: >eth0 Link encap:Ethernet HWaddr 00:5C:A4:4D:81:5A > inet addr:192.0.2.2 Bcast:192.0.2.2 Mask:255.255.255.255 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > >route -n: >Kernel IP routing table >Destination Gateway Genmask Flags Metric Ref Use Iface >0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 eth0 > >Sorry if this is completely nonsense for what you try to do :)
Yes it's what I'm trying to do, but from the reading I've done I'm not sure it'll work - and there's another restriction that comes into play as well. The first issue is whether proxyarp works over a PPP link - I'm guessing on your cable connection you just get IP packets over ethernet ? From what I've found, proxy-arp only works on ethernet-like interfaces, not PPP which doesn't have MAC addresses. The other restriction is that we cannot (in the specific case I'm needing to solve at the moment) change the config on some of the clients. Some of them are secure gateways, and getting even a simple change done requires change management procedures and a new security audit. Lastly, if done as you suggest, does this allow clients to talk to each other ? Eg, can 192.0.2.2 and 192.0.2.3 communicate using those addresses ? -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
