* Steve Bertrand wrote:

> On 2010.02.17 16:42, Christian Ullrich wrote:
>
>> send the packet. Why doesn't the kernel look up an ARP table entry by
>> both IP address and interface?
>
> That's not how the protocols were designed, and thankfully so. Imagine
> the potential for spoofing if this were allowed by default ;)

You're right, of course. I had not considered that.

> I have a couple of ideas, but need to better understand your setup.
> Advise if this seems semi-accurate:
>
> - you house global resources for a bunch of clients at a central location
> - you have limited public IP addresses to do this with, or your central
> location is located within the same 'building' as all of the clients

The latter.

> - you have several clients with overlapping 1918 space
> - you need a method to have two instances of e.g. 192.168.1.110 accessing
> a single central resource, but which will be coming in on two separate
> interfaces (physical or virtual)
> - the central services (i.e. printer) doesn't have the capability to house
> more than a single IPv4 address
> - you do not want to be open to the potential for one client accessing
> the others' networks
> - you have absolute control over the pf box
>
> is this right?

Exactly right.
--
Christian
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net