[Gllug] proxy-arp and a vpn

Chris Bell chrisbell at overview.demon.co.uk
Sat Jun 18 07:53:09 UTC 2005


On Sat 18 Jun, Tom Schutzer-Weissmann wrote:
> I have an old Compaq laptop with 2 wireless cards, close enough to an
> ADSL router for a wireless connection. One wireless card talks to the
> router, one to my Thinkpad. Both have the same IP address, and I use
> proxy-arp to enable the Thinkpad, which has the address 192.168.2.200,
> to reach the ADSL router and the internet beyond (obviously, the ADSL router
> is doing NAT).
> 

   I have a couple of ancient boxes running Debian with the bridge-utils
package. One has two, the other three, network cards, all in promiscuous
mode, with iptables filtering. The bridge-utils package sets up an
invisible bridge with no visible IP address for the bridged FORWARD traffic,
while access to the box itself requires knowledge of the bridge IP address,
and can be restricted to just one or two boxes to allow limited admin
access. iptables standard rules affect the FORWARD traffic between the
interfaces, while INPUT and OUTPUT control access to the local system in
each box. My two boxes work independently, controlling traffic on two
different connections, but I can control both from my local keyboard. I am
still adjusting the settings, but they are obviously working well.
   You specify the rules to determine which external boxes are allowed to
connect to which network interfaces on which boxes, and whether they should
have permissions for INPUT, FORWARD, or OUTPUT connections.
   Wireless working may introduce additional complications as the links may
switch wireless frequencies at any time, possibly affected by other wireless
networks in the area.

-- 
Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
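
An added example, not part of the original message: one way to express the filtering bridge described above as an iptables-restore ruleset, with FORWARD governing bridged traffic and INPUT limiting admin access to named hosts. The bridge address, admin addresses, interface names (eth0, eth1) and the use of SSH on port 22 are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): generate an iptables-restore
# ruleset for a two-port filtering bridge. Assumed setup, done beforehand:
#   brctl addbr br0; brctl addif br0 eth0; brctl addif br0 eth1
# eth0 = outside, eth1 = inside (assumed names); SSH is the assumed admin path.

# bridge_ruleset BRIDGE_IP ADMIN_HOST [ADMIN_HOST...]
# Prints the ruleset on stdout. Returns 1 without printing any rules if no
# admin host is given (that would lock everyone out) or if an argument
# contains characters that do not belong in an IPv4 address or CIDR.
bridge_ruleset() {
    if [ "$#" -lt 2 ]; then
        echo "usage: bridge_ruleset BRIDGE_IP ADMIN_HOST..." >&2
        return 1
    fi
    for addr in "$@"; do
        case $addr in
            ''|*[!0-9./]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    bridge_ip=$1
    shift
    # Default-drop on INPUT and FORWARD: nothing crosses or reaches the
    # box unless a rule below allows it.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Local access: only the listed admin hosts, only to the bridge address.
    for admin in "$@"; do
        echo "-A INPUT -s $admin -d $bridge_ip -p tcp --dport 22 -j ACCEPT"
    done
    # Bridged traffic: inside may open connections outward; replies return.
    cat <<EOF
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed usage (addresses are made up):
#   bridge_ruleset 192.168.2.250 192.168.2.10 | iptables-restore
```

On current kernels, bridged frames only traverse the iptables FORWARD chain when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is set to 1.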