Firewall/DMZ routing
Olivier Nicole
on at cs.ait.ac.th
Thu Jun 5 17:54:39 PDT 2003
> 08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145
It looks to me as if your ISP does not know you've subnetd your
subnet.
If it knew, it should never try to do an arp for the subnet
A.B.C.152/29 but route the ICMP to A.B.C.146 and that's it.
So the router of your ISP genuinely beleive that A.B.C.154 belongs to
its Ethernet reachable network (which is not as you have the FW in
between).
Olivier
More information about the freebsd-questions
mailing list