On 2010.02.18 00:31, Christian Ullrich wrote:
> * Steve Bertrand wrote:
>
>> On 2010.02.17 16:42, Christian Ullrich wrote:
>
>>> send the packet. Why doesn't the kernel look up an ARP table entry by
>>> both IP address and interface?
>>
>> That's not how the protocols were designed, and thankfully so. Imagine
>> the potential for spoofing if this were allowed by default ;)
>
> You're right, of course. I had not considered that.
>
>> I have a couple of ideas, but need to understand better of your setup.
>> Advise if this seems semi-accurate:
>>
>> - you house global resources for a bunch of clients at a central location
>> - you have limited public IP addresses to do this with, or your central
>> location is located within the same 'building' as all of the clients
>
> The latter.
>
>> - you have several clients with overlapping 1918 space
>> - you need a method to have two instances of eg 192.168.1.110 accessing
>> a single central resource, but which will be coming in on two separate
>> interfaces (physical or virtual)
>> - the central services (ie printer) doesn't have the capability to house
>> more than a single IPv4 address
>> - you do not want to be open to the potential for one client accessing
>> the others networks
>> - you have absolute control over the pf box
>>
>> is this right?
>
> Exactly right.

Contact me off-list, and I'll see if I can help with either cleaning this up, or with a dirty hack. We'll post any positive results to the list.

Steve