On Tue, Nov 22, 2011 at 12:43, Pandu Poluan <pandu@xxxxxxxxxxx> wrote:
> Hello, I need some suggestions.
>
> (If the ASCII diagrams get messed up, I've uploaded them to
> http://pastebin.com/SbbWKds0
>
> I have a network that looks like this:
>

---- >8 snip

>
> For some complicated reasons, I can't change the subnet address of the
> LAN, nor can I change the default gateway for the systems in the LAN.
> And since I can't reconf the Router, I have to "spoof" the router.
>
> Is it doable just with iptables and iproute2? Or do I have to also go
> down the route of ebtables?
>
> And if it is doable, what caveats must I be aware of?
>
> Thanks in advance.
>

Some intense research, and I think I might've found the answer:

*) Configure the Linux box with, say, 192.168.0.3
*) Manipulate the routing table
*) Activate proxy_arp
*) Write some arptables rules to discard arp requests for 192.168.0.x (where x != 1 and x != 3)
*) Write some iptables rules to perform firewalling
*) Activate ip_forward

Reference: http://www.sjdjweis.com/linux/proxyarp/

Do you think this plan will work?

Rgds,
--
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pepoluan.tumblr.com
 • Linked-In : http://id.linkedin.com/in/pepoluan
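
The six steps listed in the message above, written out as a dry-run command generator (an added example, not part of the original message or the referenced page). Assumptions: the interface names `eth0`/`eth1`, the /24 prefix, the router sitting alone behind the second interface at 192.168.0.1 (inferred from the "x != 1" exception), and the placeholder forwarding policy.

```shell
#!/bin/sh
# Added example: prints the commands for the plan in the post; runs nothing.
# Assumed (the diagram is snipped): interface names, the /24 prefix, router
# at 192.168.0.1 reachable only through the second interface.
LAN_IF=${LAN_IF:-eth0}            # assumed: faces the LAN hosts
RTR_IF=${RTR_IF:-eth1}            # assumed: faces the router
LAN_NET=${LAN_NET:-192.168.0.0/24}
ROUTER_IP=${ROUTER_IP:-192.168.0.1}
BOX_IP=${BOX_IP:-192.168.0.3}     # from the post

# True only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Refuse to emit anything if an address is malformed, since the output is
# meant to be reviewed and then run as root.
emit_plan() {
    for a in "$ROUTER_IP" "$BOX_IP" "${LAN_NET%/*}"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    cat <<EOF
# 1. address the box
ip addr add $BOX_IP/${LAN_NET#*/} dev $LAN_IF
# 2. routing: only the router lives behind $RTR_IF
ip route add $ROUTER_IP/32 dev $RTR_IF
# 3. proxy ARP on both sides
sysctl -w net.ipv4.conf.$LAN_IF.proxy_arp=1
sysctl -w net.ipv4.conf.$RTR_IF.proxy_arp=1
# 4. ARP requests from the LAN: allow router and box, drop the rest of the subnet
arptables -A INPUT -i $LAN_IF --opcode 1 -d $ROUTER_IP -j ACCEPT
arptables -A INPUT -i $LAN_IF --opcode 1 -d $BOX_IP -j ACCEPT
arptables -A INPUT -i $LAN_IF --opcode 1 -d $LAN_NET -j DROP
# 5. firewalling (placeholder policy): default deny, LAN may initiate
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $RTR_IF -s $LAN_NET -j ACCEPT
# 6. forwarding goes on last, once the filter is in place
sysctl -w net.ipv4.ip_forward=1
EOF
}

emit_plan
```

The order follows the list in the message, so the FORWARD policy is in place before `ip_forward` is switched on.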