Quote:
Originally Posted by jggimi
Good luck, no matter what decisions you eventually make, or find yourself driven to by an ISP that is unwilling or unable to deploy TCP/IP as designed.
I'm almost ashamed to admit it: proxy arping solves the issue and allows the router to act as a router. As a network architect/engineer, I despise the idea of proxy arping. But in a small, well-defined and contained network such as my premises, it's not (that much of) a problem.
The basic steps:
1. Address the Verizon-facing interface on the router out of my static IP allotment, with the default route to .1
2. Address the public-server-facing interface on the router out of a completely phony IP block (I used 10.0.0.1/8).
3. Enable proxy arping on the router. In /etc/rc.conf:
Code:
# Set Proxy ARP
arpproxy_all="YES"
And then from the CLI:
Code:
# service routing restart
4. Set each of the public servers' default route to the IP address on the router, not Verizon's .1.
Voila. It works. It's sad that I have to deploy a broken network technology to fix a broken network. Yay Verizon!