Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie
Robert K Coffman Jr - Info From Data Corporation
2004-Oct-28 15:44 UTC
RE: Maximum ProxyArp
How many external IPs do you have? How much bandwidth do you need to be able to handle? - Bob Coffman -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Thibodeau, Jamie L. Sent: Thursday, October 28, 2004 11:35 AM To: Mailing List for Shorewall Users Subject: [Shorewall-users] Maximum ProxyArp Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
On Thu, 2004-10-28 at 08:35, Thibodeau, Jamie L. wrote:> Does anyone know what a good maximum number of machines I should place > in the ProxyArp list? >When you have enough systems that it makes sense to subnet the internal zone (ususally a DMZ) using public IP addresses, then I would do so and set the ''proxyarp'' option on the interface to that zone and on the external interface (rather than listing the individual IP addresses in the proxyarp file). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Thanks Tom, Does that affect how I would address the systems in that zone, meaning would I still set the systems up as if they were parallel to the firewall instead of behind it? Jamie -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Thursday, October 28, 2004 10:53 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Maximum ProxyArp On Thu, 2004-10-28 at 08:35, Thibodeau, Jamie L. wrote:> Does anyone know what a good maximum number of machines I should place> in the ProxyArp list? >When you have enough systems that it makes sense to subnet the internal zone (ususally a DMZ) using public IP addresses, then I would do so and set the ''proxyarp'' option on the interface to that zone and on the external interface (rather than listing the individual IP addresses in the proxyarp file). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
First answer lots (about 20 when I''m done) Second answer lots (I have a 100Mb/s to the switch and the switch is uplinked to our trunk with 1Gb/s) -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Robert K Coffman Jr - Info From Data Corporation Sent: Thursday, October 28, 2004 10:44 AM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Maximum ProxyArp How many external IPs do you have? How much bandwidth do you need to be able to handle? - Bob Coffman -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Thibodeau, Jamie L. Sent: Thursday, October 28, 2004 11:35 AM To: Mailing List for Shorewall Users Subject: [Shorewall-users] Maximum ProxyArp Does anyone know what a good maximum number of machines I should place in the ProxyArp list? Thanks Jamie _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
On Thu, 2004-10-28 at 09:02, Thibodeau, Jamie L. wrote:> Thanks Tom, > > Does that affect how I would address the systems in that zone, meaning > would I still set the systems up as if they were parallel to the > firewall instead of behind it? >Yes -- see the ''Routed'' example in the Shorewall Setup Guide. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key