Subject: Re: ethernet bridge + ipf = transparent firewall?
To: Aaron J. Grier <agrier@poofygoof.com>
From: Malcolm Herbert <mjch@mjch.net>
List: netbsd-users
Date: 08/23/2004 15:18:53

On Sun, Aug 22, 2004 at 09:59:52PM -0700, Aaron J. Grier wrote:
|On Mon, Aug 23, 2004 at 02:48:25PM +1000, Malcolm Herbert wrote:
|> I have a situation where I'm wanting to put a Windows box behind a
|> NetBSD box, but have both appear to be on the same network with their
|> addresses on the same local network (i.e., I do not want to do NAT)
|> because there are services which are hosted on the Windows box which
|> need to be visible to clients.
|
|I haven't tried this in a while, but could you proxy-arp on your
|external interface for the hidden machine?

that's why a bridge would be better - assuming I can selectively
restrict what goes over the bridge I don't have to do anything else ...
no proxy-arp, no NAT ... and as the Windows machine doesn't have to be
given a fake IP, the license servers running on it won't have to be
modified (which would mean waiting for new license keys to arrive from
various companies, which has taken weeks in the past)

sorry, I hadn't mentioned why I didn't think I could use NAT ...

-- 
Malcolm Herbert                                    System Administrator
ph [990] 54881 rm 28-241                          School of GeoSciences