Here are my interfaces. Note how the ISP sends all traffic to the one interface on a different subnet than the subnet(s) they have given us

# from isp
address x.x.57.7
netmask 255.255.255.254
gateway x.x.57.6

# assigned subnet 1
x.x.114.53/29

# assigned subnet 2
x.x.114.113/29

Can I set up proxy arp the same way as in the setup guide and put both the assigned subnets on the same dmz interface or will I have issues because the gateway is not on either subnet? Looks almost like a static ptp to me.

Regards

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay

On 05/16/2011 01:55 PM, Douglas Hammond wrote:
> Here are my interfaces. Note how the ISP sends all traffic to the one interface on a different subnet than the subnet(s) they have given us
>
> # from isp
> address x.x.57.7
> netmask 255.255.255.254
> gateway x.x.57.6
>
> # assigned subnet 1
> x.x.114.53/29
>
> # assigned subnet 2
> x.x.114.113/29
>
> Can I set up proxy arp the same way as in the setup guide and put both the assigned subnets on the same dmz interface or will I have issues because the gateway is not on either subnet? Looks almost like a static ptp to me.

This should work without proxy ARP. Presumably, the ISP is routing subnet 2 via the x.x.114.53 address.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Sorry the first subnet is

x.x.57.53/29

I believe the ISP is routing both assigned subnets to x.x.57.7.

Is it best to just alias the dmz interface and route?
eg eth2 x.x.57.54 and eth2:0 x.x.114.114?

By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.

On 2011-05-16, at 5:02 PM, Tom Eastep wrote:
> On 05/16/2011 01:55 PM, Douglas Hammond wrote:
>> Here are my interfaces. Note how the ISP sends all traffic to the one interface on a different subnet than the subnet(s) they have given us
>>
>> # from isp
>> address x.x.57.7
>> netmask 255.255.255.254
>> gateway x.x.57.6
>>
>> # assigned subnet 1
>> x.x.114.53/29
>>
>> # assigned subnet 2
>> x.x.114.113/29
>>
>> Can I set up proxy arp the same way as in the setup guide and put both the assigned subnets on the same dmz interface or will I have issues because the gateway is not on either subnet? Looks almost like a static ptp to me.
>
> This should work without proxy ARP. Presumably, the ISP is routing
> subnet 2 via the x.x.114.53 address.
>
> -Tom
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 05/16/2011 02:16 PM, Douglas Hammond wrote:
> Sorry the first subnet is
>
> x.x.57.53/29
>
> I believe the ISP is routing both assigned subnets to x.x.57.7.
>
> Is it best to just alias the dmz interface and route?
> eg eth2 x.x.57.54 and eth2:0 x.x.114.114?
>
> By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.
>

Do nothing except enable routing! That's *all* you need to do.

-Tom

On 05/16/2011 02:28 PM, Tom Eastep wrote:
> On 05/16/2011 02:16 PM, Douglas Hammond wrote:
>> Sorry the first subnet is
>>
>> x.x.57.53/29
>>
>> I believe the ISP is routing both assigned subnets to x.x.57.7.
>>
>> Is it best to just alias the dmz interface and route?
>> eg eth2 x.x.57.54 and eth2:0 x.x.114.114?
>>
>> By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.
>>
>
> Do nothing except enable routing! That's *all* you need to do.

Rather ''enable forwarding''. Give eth2 one of the addresses in your /29 and then the hosts attached to that interface can have the other 5 IP addresses in that network.

-Tom

That is what I am doing for the first assigned subnet. But to add the second subnet to the same interface I plan now to just add an alias to eth2 from the second subnet so eth2 now has an address from each assigned subnet.

Guess this is easier than proxy arp.

Thanks.

On 2011-05-16, at 5:33 PM, Tom Eastep wrote:
> On 05/16/2011 02:28 PM, Tom Eastep wrote:
>> On 05/16/2011 02:16 PM, Douglas Hammond wrote:
>>> Sorry the first subnet is
>>>
>>> x.x.57.53/29
>>>
>>> I believe the ISP is routing both assigned subnets to x.x.57.7.
>>>
>>> Is it best to just alias the dmz interface and route?
>>> eg eth2 x.x.57.54 and eth2:0 x.x.114.114?
>>>
>>> By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.
>>>
>>
>> Do nothing except enable routing! That's *all* you need to do.
>
> Rather ''enable forwarding''. Give eth2 one of the addresses in your /29
> and then the hosts attached to that interface can have the other 5 IP
> addresses in that network.
>
> -Tom

On 05/16/2011 02:33 PM, Tom Eastep wrote:
> On 05/16/2011 02:28 PM, Tom Eastep wrote:
>> On 05/16/2011 02:16 PM, Douglas Hammond wrote:
>>> Sorry the first subnet is
>>>
>>> x.x.57.53/29
>>>
>>> I believe the ISP is routing both assigned subnets to x.x.57.7.
>>>
>>> Is it best to just alias the dmz interface and route?
>>> eg eth2 x.x.57.54 and eth2:0 x.x.114.114?
>>>
>>> By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.
>>>
>>
>> Do nothing except enable routing! That's *all* you need to do.
>
> Rather ''enable forwarding''. Give eth2 one of the addresses in your /29
> and then the hosts attached to that interface can have the other 5 IP
> addresses in that network.

Although if eth2 is your network-facing NIC, you might want to use another NIC for your x.x.114.114/29 net

-Tom

eth2 is my dmz zone.

I want both these subnets on the dmz. no need to separate them at the moment.

Thanks again

On 2011-05-16, at 5:45 PM, Tom Eastep wrote:
> On 05/16/2011 02:33 PM, Tom Eastep wrote:
>> On 05/16/2011 02:28 PM, Tom Eastep wrote:
>>> On 05/16/2011 02:16 PM, Douglas Hammond wrote:
>>>> Sorry the first subnet is
>>>>
>>>> x.x.57.53/29
>>>>
>>>> I believe the ISP is routing both assigned subnets to x.x.57.7.
>>>>
>>>> Is it best to just alias the dmz interface and route?
>>>> eg eth2 x.x.57.54 and eth2:0 x.x.114.114?
>>>>
>>>> By reading the setup guide proxy arp looked like it may be easier. It looks like I could just assign an unused local subnet to eth2 and put all my dmz hosts for both assigned subnets on it.
>>>>
>>>
>>> Do nothing except enable routing! That's *all* you need to do.
>>
>> Rather ''enable forwarding''. Give eth2 one of the addresses in your /29
>> and then the hosts attached to that interface can have the other 5 IP
>> addresses in that network.
>
> Although if eth2 is your network-facing NIC, you might want to use
> another NIC for your x.x.114.114/29 net
>
> -Tom

On May 16, 2011, at 2:54 PM, Douglas Hammond wrote:
> eth2 is my dmz zone.
>
> I want both these subnets on the dmz. no need to separate them at the moment.
>

Other than routing between them is a pain...

-Tom

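
The addressing this thread settles on (forwarding enabled, one eth2 address from each routed /29, five addresses per /29 left for DMZ hosts), worked through as an added example that is not from any poster or from the Shorewall project. Assumptions: documentation prefixes stand in for the masked "x.x" octets, plan_dmz is a hypothetical helper that only builds command strings, and the second eth2 address plays the role of the eth2:0 alias.

```python
import ipaddress

# Constructed stand-ins: the thread masks the first two octets as "x.x", so
# documentation prefixes are used here with the thread's last octets.
ISP_LINK = "198.51.100.7/31"      # thread: x.x.57.7, netmask 255.255.255.254
ISP_GATEWAY = "198.51.100.6"      # thread: x.x.57.6
ROUTED = {                        # subnet as written in the thread -> eth2 address
    "198.51.100.53/29": "198.51.100.54",   # thread: x.x.57.53/29, eth2 x.x.57.54
    "203.0.113.113/29": "203.0.113.114",   # thread: x.x.114.113/29, eth2:0 x.x.114.114
}


def plan_dmz(isp_link, isp_gateway, routed, dmz_if="eth2"):
    """Return (commands, hosts) for routed subnets placed on one DMZ interface.

    Hypothetical helper: it validates the addressing and builds command
    strings; it does not change any system state.
    """
    link = ipaddress.ip_interface(isp_link).network
    if ipaddress.ip_address(isp_gateway) not in link:
        raise ValueError(f"gateway {isp_gateway} is not on the ISP link {link}")
    commands = ["sysctl -w net.ipv4.ip_forward=1"]   # "enable forwarding"
    hosts, seen = {}, [link]
    for written, fw_addr in routed.items():
        # The thread writes each subnet as a host address plus /29;
        # strict=False recovers the network that address belongs to.
        net = ipaddress.ip_network(written, strict=False)
        fw = ipaddress.ip_address(fw_addr)
        usable = list(net.hosts())            # excludes network and broadcast
        if fw not in usable:
            raise ValueError(f"{fw} is not a usable address in {net}")
        if any(net.overlaps(other) for other in seen):
            raise ValueError(f"{net} overlaps an earlier network")
        seen.append(net)
        # The firewall's own address in each /29 is what DMZ hosts route through.
        commands.append(f"ip addr add {fw}/{net.prefixlen} dev {dmz_if}")
        hosts[str(net)] = [str(h) for h in usable if h != fw]
    return commands, hosts


if __name__ == "__main__":
    cmds, dmz_hosts = plan_dmz(ISP_LINK, ISP_GATEWAY, ROUTED)
    print("\n".join(cmds))
    for net, addrs in dmz_hosts.items():
        print(f"{net}: {len(addrs)} host addresses: {', '.join(addrs)}")
```

The ISP gateway sits only on the /31 link, outside both routed /29s, which is why the check against the link network passes without either DMZ subnet containing the gateway.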