5. Other alternatives to Proxy ARP with subnetting

There are several other alternatives to using Proxy ARP with subnetting in this situation, apart from the ones mentioned above (bridging and straight routing):

  • IP-Masquerading (see the IP-Masquerade mini-HOWTO), in which network 0 is "hidden" behind machine A from the rest of the Internet. As machines on network 0 attempt to connect outside through machine A, it rewrites the source address and port number of the packets so that they appear to come from A itself, rather than from the machine on the hidden network 0. This is an elegant solution, although it prevents any machine on network 1 from initiating a connection to any machine on network 0, as the machines on network 0 effectively don't exist outside of network 0. This effectively increases the security of the machines on network 0, but it also means that servers on network 1 cannot check the identity of clients on network 0 using IP numbers (e.g. NFS servers use IP hostnames for access to mountable file systems).

  • Another option is IP in IP tunneling, which isn't supported on all platforms (such as Macs and Windoze machines) so I opted not to go this way.

  • Use Proxy ARP without subnetting. This is certainly possible; it just means that a separate entry needs to be created for each machine on network 0, instead of a single entry for all machines (current and future) on network 0.

  • Possibly IP Aliasing might also be useful here, but I haven't looked into this at all.
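
The source address and port rewriting described in the IP-Masquerading item above, as an added example that is not part of the original HOWTO: a small Python model of machine A's translation table. It shows why replies reach network 0, why connections initiated from network 1 are dropped, and why a server on network 1 sees every client as A. The class name, addresses and port pool are constructed for illustration.

```python
# Toy model of IP masquerading on machine A (added example; addresses and
# the port pool are constructed, not taken from the HOWTO).
from dataclasses import dataclass, field


@dataclass
class Masquerader:
    public_ip: str                                 # A's address on network 1
    next_port: int = 61000                         # assumed start of the port pool
    out_map: dict = field(default_factory=dict)    # inner flow -> public port
    in_map: dict = field(default_factory=dict)     # (public port, remote) -> inner host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving network 0; return it as seen on network 1."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from network 1, or return None to drop it."""
        if dst_ip != self.public_ip:
            return None          # network 0 addresses do not exist outside network 0
        inner = self.in_map.get((dst_port, src_ip, src_port))
        if inner is None:
            return None          # no matching outbound flow: unsolicited, dropped
        return (src_ip, src_port, inner[0], inner[1])


def demo():
    a = Masquerader(public_ip="192.0.2.1")
    nfs = ("192.0.2.50", 2049)   # constructed server on network 1
    # Two different hosts on network 0 contact the same server.
    seen1 = a.outbound("10.0.0.5", 1023, *nfs)
    seen2 = a.outbound("10.0.0.6", 1023, *nfs)
    # The reply to the first flow is mapped back to the right inner host.
    reply = a.inbound(*nfs, seen1[0], seen1[1])
    # Connections initiated from network 1 have no table entry and are dropped.
    unsolicited = a.inbound("192.0.2.50", 40000, "192.0.2.1", 61000)
    direct = a.inbound("192.0.2.50", 40000, "10.0.0.5", 22)
    return seen1, seen2, reply, unsolicited, direct


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both outbound packets carry A's address as their source, so an access check on network 1 that keys on the client IP cannot tell the two network 0 hosts apart.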