[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp
Rune Kock
rune.kock at gmail.com
Sun Feb 3 09:54:02 GMT 2008
On Feb 2, 2008 10:03 PM, richardvoigt at gmail.com <richardvoigt at gmail.com> wrote:
> On Feb 2, 2008 4:56 AM, Steve H. <steve at csquaredtech.com> wrote:
> > I've been trying to figure out how to get DNSMasq setup to serve DHCP for my
> > networks. I have a firewall setup according to the Shorewall
> > (http://www.shorewall.net ) proxy arp configuration. My firewall has two
> > interfaces :
> > eth0 1.2.3.4 (routable, internet facing)
> > eth1 192.168.0.1 (internal network)
> >
> > The firewall does proxy arp for several small networks:
> > w.x.159.160/28 (routable)
> > w1.x1.81.224/27 (routable)
> > (and 2 other /27 ranges)
> > The machines behind the firewall are all on the subnets (NOT the 192.168/16)
> > and have routes added to use 1.2.3.4 as the gateway. This all works great,
> > and simplifies things greatly as my isp caches arp replies for 6 hours (this
> > way, they always get replies from my firewall...and I can reconfigure the
> > internal network without problem.)
>
> This won't work, because 1.2.3.4 is outside the local subnet of the
> device, which therefore uses a gateway to reach it. You need a local
> gateway.
Actually, I think proxy arp makes it possible to do this, even if it
goes against all the usual rules. Proxy arp is cheating, you know...
More information about the Dnsmasq-discuss
mailing list