On Fri, Aug 23, 2013 at 11:16:12AM -0600, Bob Proulx wrote:
> The device will still have an ethernet address whether you assigned
> one to it or not. It is not necessary for you to assign one since one
> has already been assigned by default. (From the vendor. Or in the
> case of virtual hardware from the software that created the
> simulation.)
Uhhm, no.
# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.28.49.1 P-t-P:10.28.49.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:6880 (6.7 KiB) TX bytes:97290 (95.0 KiB)
The above is from the VPS, with the openvpn connection from the laptop
running. This is a tun device, which doesn't require a MAC address at
all to function as I understand it.
> Now it is my turn to say that this is a confusing topic but yes it
> really does work. Since it is fully documented in the proxy arp
> reference above I won't describe it here and make mistakes doing so.
> But you will just have to trust that yes proxy arp does work just fine
> in that situation.
I thought this over again with my brain fresher in the afternoon than
it was last night, and you are right, it would work in this situation
as long as the tun device had a MAC address of course.
>
> Meanwhile, if you understand the method that you used as you described
> then that is fine too. It is better because you understand it. Don't
> let me distract you. I only mentioned proxy arp because it is one of
> the standard strategies. But by no means is it the only one.
Thanks for doing so, it's appreciated.
> And I read here that you still don't say what services you are trying
> to enable! Saying "didn't want the VPS to do any firewalling" doesn't
> mean anything. That is okay though. I take that to mean "gotta have
> my freedom, its all about freedom baby, room to breath". :-)
I want all available services/ports/whatever. I'll deal with
restricting access on the laptop side, rather than on the VPS side.
>
> But the reason I asked was because often I need a very specific set of
> services such as web or mail or ssh and setting up a dedicated
> connection just for those specific services is often easier and very
> robust. Such as using a web proxy. Such as using a tunneled port.
> Other possibilities.
Yes, I have thought of that, and am aware of doing things this
way. Thanks for pointing it out.
Greg
--
web site: http://www.gregn..net
gpg public key: http://www.gregn..net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
--
Free domains: http://www.eu.org/ or mail dns-mana...@eu.org
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130823220511.gb10...@gregn.net
