pretending to be the target host. After receiving the reply, Host A then sends data directly to
NetDefendOS which forwards the data to host B. In the process NetDefendOS checks the traffic
against the configured rule sets.
Setting Up Proxy ARP
Setting up proxy ARP is done by specifying the option for a route in a routing table. Let us suppose
we have a network and it is divided into two parts which are called net_1 and net_2.
The network net_1 is connected to the interface if1 and the network net_2 is connected to the
interface if2. In NetDefendOS there will be a route configured that says net_1 can be found on if1.
This might be called route_1.
For route_1 it is possible to specify the option that this network should be proxy ARP'ed on
interface if2.. Now any ARP request issued by a net_2 host connected to if2 looking for an IP
address in net_1 will get a positive response from NetDefendOS. In other words, NetDefendOS will
pretend that the net_1 address is found on if2 and will forward data traffic to net_1.
In the same way, net_2 could be published on the interface if1 so that there is a mirroring of routes
and ARP proxy publishing.
Route #
Network
Interface
Proxy ARP Published
1
net_1
if1
if2
2
net_2
if2
if1
In this way there is complete separation of the sub-networks but the hosts are unaware of this. The
routes are a pair which are a mirror image of each other but there is no requirement that proxy ARP
is used in a pairing like this.
Keep in mind that if the host has an ARP request for an IP address outside of the local network then
this will be sent to the gateway configured for that host. The entire example is illustrated below.
Figure 4.4. A Proxy ARP Example
Transparent Mode as an Alternative
Transparent Mode is an alternative and preferred way of splitting Ethernet networks. Setup is
simpler than using proxy ARP since only the appropriate switch routes need to be defined. Using
switch routes is fully explained in Section 4.7, “Transparent Mode”.
Proxy ARP depends on static routing where the location of networks on interfaces are known and
usually fixed. Transparent mode is more suited to networks whose interface location can change.
4.2.6. Proxy ARP
Chapter 4. Routing
163
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...