[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp

Rune Kock rune.kock at gmail.com
Sun Feb 3 09:54:02 GMT 2008


On Feb 2, 2008 10:03 PM, richardvoigt at gmail.com <richardvoigt at gmail.com> wrote:
> On Feb 2, 2008 4:56 AM, Steve H. <steve at csquaredtech.com> wrote:
> >   I've been trying to figure out how to get DNSMasq set up to serve DHCP for my
> > networks.  I have a firewall set up according to the Shorewall
> > (http://www.shorewall.net) proxy arp configuration.  My firewall has two
> > interfaces:
> >   eth0 1.2.3.4 (routable, internet facing)
> >   eth1 192.168.0.1 (internal network)
> >
> > The firewall does proxy arp for several small networks:
> >   w.x.159.160/28 (routable)
> >   w1.x1.81.224/27 (routable)
> >   (and 2 other /27 ranges)
> > The machines behind the firewall are all on the subnets (NOT the 192.168/16)
> > and have routes added to use 1.2.3.4 as the gateway.  This all works great,
> > and simplifies things greatly as my ISP caches arp replies for 6 hours (this
> > way, they always get replies from my firewall...and I can reconfigure the
> > internal network without problem.)
>
> This won't work, because 1.2.3.4 is outside the local subnet of the
> device, which therefore uses a gateway to reach it.  You need a local
> gateway.

Actually, I think proxy arp makes it possible to do this, even if it
goes against all the usual rules.  Proxy arp is cheating, you know...


