Two VLANs, One Subnet

Hans Fugal hans at
Thu Mar 8 22:06:27 MST 2007

On Thu,  8 Mar 2007 at 20:35 -0700, Michael Torrie wrote:
> On Thu, 2007-03-08 at 19:46 -0700, Hans Fugal wrote:
> > Can you tell I'm reworking my LAN?
> > 
> > I have a public /29 subnet, meaning I get 6 public IPs. Amazingly
> > enough, I have 6 devices that could use a public IP. Perhaps even more
> > astounding, I on occasion have more devices that get a private IP in the
> > range 
> > 
> > Here is how I want things to work:
> > 
> > ISP -- cisco -- openwrt -- LAN
> > 
> > cisco, openwrt, and 4 devices in the LAN have public IP addresses in the
> > same /29 subnet. I want openwrt to do NAT (as needed for the private
> > subnet), routing, and firewall. 
> NAT is your answer.  

Absolutely not. NAT is out of the question. NAT always causes more
problems than it solves, even in enterprise. In enterprise, you have
full-time sysadmins to go around chasing NAT issues and keeping a
semblance of normalcy. I know, I used to be one. I will set my network
up and just let it run. I will not be a slave to NAT.

> You can do this by either creating 4 virtual interfaces on the openwrt
> box, or using some kind of proxyarp solution.

Proxy ARP is the magic I needed.

It's working nearly perfectly. But for some reason the real MAC
addresses are leaking through the openwrt and getting into the cisco's
arp cache after a few (randomly distributed) minutes. Just how this is
happening is a mystery to me. Do you know? The only thing I can think of
is if my vlan is 'leaking'.


Hans Fugal ;
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
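
A check for the symptom described in this message, added here as an example and not part of the original post: with proxy ARP working, the cisco should see every LAN-side address in the /29 at the openwrt's MAC, so any other MAC in its ARP table marks a leak. The addresses (documentation range 203.0.113.0/29), MACs, snapshot times and function names are constructed or hypothetical; the text is laid out like `show ip arp` output.

```python
import ipaddress
import re

# All values below are constructed sample data, not from the original post.
SUBNET = ipaddress.ip_network("203.0.113.0/29")
PROXY_MAC = "0200.0000.0001"  # assumed MAC of the openwrt's upstream interface

SNAPSHOTS = {  # timestamp -> "show ip arp" text captured on the cisco
    "22:00": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0200.0000.00c1  ARPA   FastEthernet0/0
Internet  203.0.113.2             3   0200.0000.0001  ARPA   FastEthernet0/0
Internet  203.0.113.4             1   0200.0000.0001  ARPA   FastEthernet0/0
""",
    "22:09": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0200.0000.00c1  ARPA   FastEthernet0/0
Internet  203.0.113.2            12   0200.0000.0001  ARPA   FastEthernet0/0
Internet  203.0.113.4             0   0200.0000.00a4  ARPA   FastEthernet0/0
""",
}

ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: (age, mac)} for each Internet row in the table text."""
    return {ip: (age, mac.lower()) for ip, age, mac in ROW.findall(text)}

def find_leaks(snapshots, subnet, proxy_mac):
    """List (time, ip, mac) where an in-subnet host is not at the proxy's MAC."""
    leaks = []
    for when, text in snapshots.items():
        for ip, (age, mac) in parse_arp(text).items():
            if ipaddress.ip_address(ip) not in subnet:
                continue  # unrelated entry
            if age == "-":
                continue  # the router's own interface address
            if mac != proxy_mac.lower():
                leaks.append((when, ip, mac))
    return leaks

if __name__ == "__main__":
    for when, ip, mac in find_leaks(SNAPSHOTS, SUBNET, PROXY_MAC):
        print(f"{when}: {ip} learned at {mac}, expected {PROXY_MAC}")
```

Comparing the first snapshot in which an address flips against a packet capture on the cisco-facing segment narrows down which frame taught the router the real MAC.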