This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quick Proxy Arp/Subnet Question

I'm doing the whole "don't touch the router, let the proxy arp'ed WAN NIC grab all packets for the DMZ and pass them to the static addresses there thing."

I've currently split my subnet into 2 smaller ones: 1 "containing" the router and ASL (and my existing unprotected hosts) and the other being used for the DMZ. This works fine.

My question is do I have to split my subnet into 2 pieces? Can I let the DMZ be the full subnet and have the other tiny network work? I'd like to be able to protect all 64 of my IPs. I don't want to touch the router. What would the config for the outside NIC be?

Thanks,
- John

This thread was automatically locked due to age.

0 ollion over 23 years ago

John,

theoretically it is possible to leave the subnet
on the external network. Would be nescessary to
assign a phantasy ip address to the dmz interface
and enable proxy arp on this interface as well - but
the you run into the problem of ip spoofing protection,
because packets which seems to be from the external net
appear at the dmz interface.

regards
ollion
Cancel
Vote Up 0 Vote Down

Cancel