
RE: Newbie question... Firewalls vs cisco routers - Proxy arp versus dir

Subject: RE: Newbie question... Firewalls vs cisco routers - Proxy arp versus directly connected networks...
Date: Tue, 12 Jul 2005 15:40:10 -0700
  I don't think ARP responses update the routing table.  Generally,
a route report of "directly connected" means that the router has an
interface with an assigned address on that subnet, so it knows which 
interface to ARP for the destination on.
  In the case where you have multiple ranges on a single segment, the
correct way to get them into the route table is to assign *secondary*
address(es) to the interface.  ARP shouldn't do it.

David Gillett
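To make the point above concrete (and chip's ARP walkthrough further down), here is a small model, added to this thread and not code from any poster, of how a Cisco-style router builds its "directly connected" routes only from addresses configured on interfaces (primary and secondary) and never from ARP replies, proxy or otherwise. The prefixes are the ones from Bart's scenario; the interface name and MAC address are constructed.

```python
from ipaddress import ip_address, ip_interface


class Router:
    """Toy router: connected routes come from interface config, not from ARP."""

    def __init__(self):
        # interface name -> configured addresses (index 0 = primary, rest = secondary)
        self.interfaces = {}
        # IP -> MAC learned from ARP replies; kept separate from the route table
        self.arp_table = {}

    def configure_address(self, ifname, cidr, secondary=False):
        """Mimics 'ip address A.B.C.D MASK [secondary]' on an interface."""
        addrs = self.interfaces.setdefault(ifname, [])
        addr = ip_interface(cidr)
        if secondary:
            addrs.append(addr)
        else:
            addrs[:1] = [addr]  # replace any existing primary

    def connected_routes(self):
        """The 'C' entries of 'show ip route': one per configured address."""
        return [(a.network, ifname)
                for ifname, addrs in self.interfaces.items() for a in addrs]

    def learn_arp(self, ip, mac):
        """An ARP reply (genuine or proxy) only fills the ARP cache."""
        self.arp_table[ip_address(ip)] = mac

    def show_ip_route(self, dst):
        """Longest-prefix match over connected routes; None = not in table."""
        dst = ip_address(dst)
        best = None
        for net, ifname in self.connected_routes():
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname)
        return best


if __name__ == "__main__":
    r = Router()
    r.configure_address("FastEthernet0/1", "192.168.0.1/24")
    # The firewall proxy-ARPs for 172.16.0.20: the router caches a MAC...
    r.learn_arp("172.16.0.20", "00:11:22:33:44:55")  # constructed MAC
    print(r.show_ip_route("192.168.0.20"))  # connected via FastEthernet0/1
    print(r.show_ip_route("172.16.0.20"))   # None: ...but no route was created
    # Only a secondary address makes 172.16.0.0/24 show up as connected.
    r.configure_address("FastEthernet0/1", "172.16.0.1/24", secondary=True)
    print(r.show_ip_route("172.16.0.20"))   # now connected via FastEthernet0/1
```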


-----Original Message-----
From: Mollemans, Bart [mailto:bart.mollemans@getronics.com]
Sent: Monday, July 11, 2005 11:44 PM
To: Robert Synak; chip; firewalls@securityfocus.com
Subject: RE: Newbie question... Firewalls vs cisco routers - Proxy arp
versus directly connected networks...


Thank you all for your feedback...
One quick addition. In this scenario:
Interface FastEthernet 0/1
 ip address 192.168.0.1 255.255.255.0
 
And on your fw:
 192.168.0.20 255.255.255.0
 
I understand that if on your cisco you do a "sh ip route 192.168.0.20"
the host will show up as directly connected. But (here comes the tricky
part :) ) when my FW proxy arps for a host 172.16.0.20 255.255.255.0, my
question is when I look on my cisco "sh ip route 172.16.0.20" shouldn't
the 172.16.0.20 host (or /c network for that matter) show up as directly
connected also??

I humbly bow in gratitude.
Bart

-----Original Message-----
From: Robert Synak [mailto:robert.synak@anitian.com] 
Sent: maandag 11 juli 2005 19:30
To: chip; firewalls@securityfocus.com
Subject: RE: Newbie question... Firewalls vs cisco routers - Proxy arp
versus directly connected networks...

Not a bad question for a newbie question.  Just to add to what Chip
wrote:  even if there is an intervening switch or two between the router
in question and the host in question, if the host is on the same net,
and there's no router between it and the router in question, it is still
on a directly connected network.
__________________________________________________________
Robert Synak, CISSP, CCNA, SCSA, MCSE, JNCIA-FW Security Engineer
ANITIAN  ENTERPRISE  SECURITY

3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-807-4429 Mobile
www.anitian.com
__________________________________________________________
 

-----Original Message-----
From: chip [mailto:chip.gwyn@gmail.com]
Sent: Monday, July 11, 2005 9:07 AM
To: firewalls@securityfocus.com
Cc: bart.mollemans@getronics.com
Subject: Re: Newbie question... Firewalls vs cisco routers - Proxy arp
versus directly connected networks...

On 7/8/05, Mollemans, Bart <bart.mollemans@getronics.com> wrote:
 

All,
My question boils down to the following: 
When is a host or network directly connected for a cisco router? 

Is this when:   A the cisco sees a MAC/IP address on his interface?
                or B when the host/network matches the network(s) defined on
                     the interface of the cisco?
                or C both above
                or D none above... :)

Thanks for any input you could give.

Regards,
Bart Mollemans

Let's say everything was just turned on, no arp table exists yet.  Now
when the router attempts to talk to a host (192.168.0.10) it will first
send out an ARP request to the broadcast address of the network.
If your network is 192.168.0.0/24 then the request is sent to
192.168.0.255 (the broadcast). The arp request is sent to all hosts on
the network segment asking who is responsible for talking for
192.168.0.10. The host with the IP address 192.168.0.10 responds back to
the router with its MAC address saying that it is responsible for
that IP.   The router then knows the MAC address and can then talk
back and forth to that host.

  So, to answer your question.  The host and the router have to sit on
the same segment and have to have IP addresses within the same network
to be able to talk with each other.

In the case of Proxy arp a host between the router and the actual host
you are wanting to talk with plays middle man and passes traffic back
and forth.  The middleman host usually being a firewall of some sort.

--chip

--
Just my $.02, your mileage may vary,  batteries not included, etc....

