Subject: Re: ethernet bridge + ipf = transparent firewall?
To: None <netbsd-users@netbsd.org>
From: Aaron J. Grier <agrier@poofygoof.com>
List: netbsd-users
Date: 08/22/2004 22:30:15

On Mon, Aug 23, 2004 at 03:18:53PM +1000, Malcolm Herbert wrote:
> On Sun, Aug 22, 2004 at 09:59:52PM -0700, Aaron J. Grier wrote:
> > I haven't tried this in a while, but could you proxy-arp on your
> > external interface for the hidden machine?
> 
> that's why a bridge would be better - assuming I can selectively
> restrict what goes over the bridge I don't have to do anything else
> ...  no proxy-arp, no NAT ... and as the Windows machine doesn't have
> to be given a fake IP, the license servers running on it won't have to
> be modified (which would mean waiting for new license keys to arrive
> from various companies, which has taken weeks in the past)

with proxy arp the only thing being proxied is at the ethernet level;
the rest is straight IP routing.  you don't change the IP of the windows
machine; just what other machines think its ethernet address is.  I
don't know if this would affect your license software or not.

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com
  "someday the industry will have throbbing frontal lobes and will be able
  to write provably correct software.  also, I want a pony." -- Zach Brown
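
The proxy-ARP behaviour described in the reply above, as an added sketch that is not part of the original message: the firewall answers an ARP request for the hidden machine with its own Ethernet address, while the IP address in the reply stays the hidden machine's real one. All addresses and function names here are constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ETHERTYPE_ARP = 0x0806
# Ethernet header (dst, src, type) followed by an Ethernet/IPv4 ARP body (RFC 826)
FRAME = struct.Struct("!6s6sHHHBBH6s4s6s4s")

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst):
    return FRAME.pack(eth_dst, src_mac, ETHERTYPE_ARP,
                      1, 0x0800, 6, 4, op,
                      src_mac, socket.inet_aton(src_ip),
                      dst_mac, socket.inet_aton(dst_ip))

def parse_arp(frame):
    if len(frame) < FRAME.size:
        return None
    (_, _, etype, htype, ptype, hlen, plen,
     op, sha, spa, tha, tpa) = FRAME.unpack(frame[:FRAME.size])
    if (etype, htype, ptype, hlen, plen) != (ETHERTYPE_ARP, 1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa)}

def proxy_arp_reply(frame, own_mac, proxied_ips):
    """Reply sent on the external interface, or None if we stay silent."""
    req = parse_arp(frame)
    if req is None or req["op"] != ARP_REQUEST or req["tpa"] not in proxied_ips:
        return None
    # Sender IP is the hidden host's unchanged address; sender MAC is ours.
    return build_arp(ARP_REPLY, own_mac, req["tpa"],
                     req["sha"], req["spa"], eth_dst=req["sha"])

# Constructed sample values (documentation address range, local MACs).
FIREWALL_MAC = mac("02:00:00:00:00:01")
CLIENT_MAC = mac("02:00:00:00:00:aa")
HIDDEN_IP, CLIENT_IP = "192.0.2.10", "192.0.2.50"
BROADCAST = b"\xff" * 6

def who_has(ip):
    # ARP request as an outside client would broadcast it.
    return build_arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, b"\x00" * 6, ip, BROADCAST)

if __name__ == "__main__":
    answer = parse_arp(proxy_arp_reply(who_has(HIDDEN_IP), FIREWALL_MAC, {HIDDEN_IP}))
    print(answer["spa"], "is-at", answer["sha"].hex(":"))
```

After such a reply the client sends frames for the hidden host to the firewall's Ethernet address, and the firewall forwards them by ordinary IP routing, which is where a packet filter can apply its rules.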