Tunneling public ips, proxy arp, tinc config

Guus Sliepen guus at sliepen.eu.org
Sat Aug 31 20:16:33 CEST 2002


On Sat, Aug 31, 2002 at 06:43:53PM +0200, Ime Smits wrote:

> I have a question. I have a routable /24 netblock including a server at a
> colocation and I would like to use tincd to tunnel part of that netblock to
> an internal network on another location being connected to the internet via
> a gateway with a DSL link and a single static IP address, so I can use public
> routable IP addresses on the local network.
> 
> I have tincd 1.0 pre7 installed on both the local gateway and the colocated
> server and communication between the two hosts works fine. I'm having
> troubles though routing packets. I am a bit dazzled about the arp and mac
> stuff in tinc-up.

The "arp and mac stuff" is there for historical reasons. It only affects
the virtual network interface, not your real interface. It does not in
any way prohibit what you want to do.

> Should I be using a tool like proutearpd to dynamically mangle arp tables?
> What exactly does the arp option to ifconfig do in the case of tinc? Or
> should I be using a different tool altogether?

There are two ways to do what you want with tinc:

1. Use a proxy ARP daemon at the colocation to divert traffic to the
tinc router so it is forwarded to the other side. You can use the
tinc-up scripts from the examples in the documentation; you must add
"Subnet = 0.0.0.0/0" to the server at the colocation and you must add
Subnet lines corresponding to the subset of the routable /24 netblock
that you use for your other location.

2. Use tinc in bridge mode to bridge the internal network behind your
DSL link with the network at your colocation. You can find examples of
this setup at http://tinc.nl.linux.org/examples/bridging.html.

Method 2 has the advantage that it will truly make the hosts behind your
DSL appear on the colocation network. They can fully participate with
all network protocols and send and receive multicast and broadcast packets.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
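
Added example, not part of the original message and not tinc's own code: a Python sketch of how the Subnet lines from method 1 split traffic between the two nodes, and which ranges the proxy ARP daemon at the colocation has to answer for. The node names, the 192.0.2.0/24 documentation block and the most-specific-match lookup are assumptions made for illustration.

```python
import ipaddress

# Constructed host files; node names and the 192.0.2.0/24 block are placeholders.
HOSTS = {
    "colo": "Subnet = 0.0.0.0/0\n",
    "dslgw": "Subnet = 192.0.2.128/26\nSubnet = 192.0.2.200/32\n",
}
NETBLOCK = ipaddress.ip_network("192.0.2.0/24")


def parse_subnets(text):
    """Return the networks declared on 'Subnet = ...' lines of one host file."""
    nets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            nets.append(ipaddress.ip_network(value.strip()))
    return nets


def build_table(hosts):
    """Flatten all host files into (network, node), most specific prefix first."""
    table = [(net, node) for node, text in hosts.items() for net in parse_subnets(text)]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def owner(table, address):
    """Node that receives a packet for address (assumed most-specific match)."""
    ip = ipaddress.ip_address(address)
    for net, node in table:
        if ip in net:
            return node
    return None


def check_remote(hosts, remote, netblock):
    """Subnets claimed by the remote node that fall outside the routable netblock."""
    return [n for n in parse_subnets(hosts[remote]) if not n.subnet_of(netblock)]


def proxy_arp_ranges(hosts, remote, netblock):
    """Ranges the colocation side must answer ARP for on behalf of the remote node."""
    nets = [n for n in parse_subnets(hosts[remote]) if n.subnet_of(netblock)]
    return list(ipaddress.collapse_addresses(nets))
```

A non-empty result from `check_remote` means the remote gateway is claiming addresses outside the netblock it is supposed to tunnel, which is worth catching before the host file is deployed.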