Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
Hi Stuart,

> To disable proxy ARP per-interface, I think it would need to be
> exported from the kernel via an ioctl and then exposed by an ifconfig
> option (as is done with the option to disable ARP entirely per-interface).

Yes, of course. This would be the easier task I think. The harder tasks

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Stuart Henderson
On 2012/01/23 17:42, Gerlach, Hendrik wrote:
> I know the man page, but this doesn't help me. Normally Proxy ARP is used at a
> router. But we have the need to use it at a transparent Firewall.

Typically on OpenBSD (and I think all BSDs) transparent firewalls have been implemented by bridging rath

Re: Proxy ARP, but network interface specific - rdomains

2012-01-23 Thread Gerlach, Hendrik
Hi Alexey, Thank you for the 2 hints. I have to think about how vether can help in my case. Using routing domains is a solution that would be more obvious to me. But so far we decided not to use routing domains in any case (we are at OBSD 4.8). We don't know how stable they are in any cases an t

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
Hi Alexey, Thank you for the 2 hints. I have to think about how vether can help in my case. Using routing domains is a solution that would be more obvious to me. But so far we decided not to use routing domains in any case (we are at OBSD 4.8). We don't know how stable they are in any cases an t

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
Hi Gregory, I know the man page, but this doesn't help me. Normally Proxy ARP is used at a router. But we have the need to use it at a transparent Firewall. And there the proxied ARP requests are answered to both sides of the firewall: the internal, trusted side (like wanted), but also to the ext

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Alexey E. Suslikov
Alexey E. Suslikov gmail.com> writes:
> > So it seems that some code change is necessary. Are there some solutions,
> > hints or papers or some ideas that could help us ?
>
> You can try to cook something using vether(4) and bridge(4).

... or maybe using rdomain - man ifconfig(4)

Alexey

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Gregory Edigarov
On Mon, 23 Jan 2012 12:11:26 +0100 "Gerlach, Hendrik" wrote:
> Hi,
>
> we use OpenBSD in a transparent firewall configuration.
>
> Because of different reasons we have the need for proxy-ARP at
> firewall's internal network interface. To avoid information lost
> (e.g. by ARP-Scanning) at the ex

Re: Proxy ARP, but network interface specific

2012-01-23 Thread Alexey E. Suslikov
Gerlach, Hendrik siemens.com> writes:
> In opposite to Linux it seems to be impossible in OpenBSD to add proxy ARP
> entries only for a specific network interface (missing option for the ARP
> command) nor to disable proxy ARP at all for some interfaces (sysctl or
> ifconfig option).
>
> So it s

Proxy ARP, but network interface specific

2012-01-23 Thread Gerlach, Hendrik
Hi, we use OpenBSD in a transparent firewall configuration. Because of different reasons we have the need for proxy-ARP at firewall's internal network interface. To avoid information lost (e.g. by ARP-Scanning) at the external interface it's necessary to allow proxy ARP only for the internal side