 From:  Rolf Sommerhalder
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ARP Proxy for Sub-Subnet Extraction
 Date:  Sat, 06 Nov 2004 06:53:14 +0100

Hello list,

"sub-subnet extraction" is one name for a hack where a remote LAN uses a 
subrange of the subnet of the local LAN, as shown in this figure:

  "local" subnet
  LAN:, ARP proxy for
  X crossover Ethernet cable, IPSec VPN
  |
  | "remote" extracted sub-subnet (/30)
  |             with 2 usable IP addresses (some host)

This is attractive as in the local subnet no additional routes nor any 
default gateways need to be configured for IP traffic flowing towards 
the remote sub-subnet via the IPSec tunnel (comes in handy if you don't 
have admin access to the network devices in the LAN).

I have this hack working with Astaro v5 boxes, and now try to replace 
them by m0n0walls v1.2b2. However, I observe that the ARP proxy which I 
activated on the m0n0local box apparently does not respond to ARP 
requests for nor on the subnet.

Re-reading the description for the ARP proxy option in m0n0 leaves me 
with the understanding that the ARP proxy might only listen on the WAN 
interface, and not on the LAN interface.

Can anyone please confirm that ARP proxy is indeed listening only on 
WAN, or is it supposed to work on LAN as well?  Thanks.

Regards from Zurich/Switzerland,
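
Added example, not part of the original post: a small model of why hosts on the local LAN need no extra route for the extracted /30, and why nothing answers them when the proxy ARP range is bound only to the WAN side. The addresses (documentation range 192.0.2.0/24), the interface names and the `bindings` structure are assumptions made for illustration; they are not m0n0wall's configuration format.

```python
import ipaddress

# Constructed addressing: the post's real addresses are not on the page.
LOCAL_SUBNET = ipaddress.ip_network("192.0.2.0/24")   # "local" subnet
EXTRACTED = ipaddress.ip_network("192.0.2.128/30")    # "remote" /30 behind the tunnel


def local_host_action(host_ip, dst_ip, host_net=LOCAL_SUBNET):
    """What an unmodified host on the local LAN does to reach dst_ip."""
    host, dst = ipaddress.ip_address(host_ip), ipaddress.ip_address(dst_ip)
    if host not in host_net:
        raise ValueError(f"{host} is not in {host_net}")
    # The host only knows its own mask, so the extracted /30 looks on-link:
    # it ARPs for the destination instead of consulting a route or gateway.
    return "arp" if dst in host_net else "gateway"


def proxy_answers(iface, target_ip, sender_ip, bindings):
    """True if the firewall should answer this ARP who-has with its own MAC.

    bindings maps an interface name to the networks proxied on it
    (hypothetical model, not m0n0wall's configuration format).
    """
    target, sender = ipaddress.ip_address(target_ip), ipaddress.ip_address(sender_ip)
    for net in bindings.get(iface, ()):
        if not net.subnet_of(LOCAL_SUBNET):
            raise ValueError(f"{net} is not carved out of {LOCAL_SUBNET}")
        # Answer only for tunnel-side addresses, and never to a sender that is
        # itself inside the extracted range (it is not on this segment).
        if target in net and sender not in net:
            return True
    return False


if __name__ == "__main__":
    print([str(h) for h in EXTRACTED.hosts()])               # the 2 usable addresses
    print(local_host_action("192.0.2.10", "192.0.2.129"))    # host ARPs directly
    for name, b in (("proxy on LAN", {"lan": [EXTRACTED]}),
                    ("proxy on WAN only", {"wan": [EXTRACTED]})):
        print(name, proxy_answers("lan", "192.0.2.129", "192.0.2.10", b))
```

With the range bound only to `wan`, the ARP request arriving on `lan` goes unanswered, which matches the symptom described in the message.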