On 16/06/2009 2:59 PM, Christian Lerrahn wrote:
> The second problem is how I make sure that the MAC addresses of the virtual servers never make it onto the physical network. In other words, I would like them to be able to communicate internally based on their MAC addresses while at the same time all outgoing traffic pretends that the physical device has all the IP addresses directly assigned to it.
MAC addresses _typically_ don't traverse network segments unless there's a bridge. With a _typical_ routed setup you'll be forwarding via dom0 so the only MAC address hitting the physical network will be that of dom0.
If you are unable to obtain a portion of the IPs available on the physical network (subnet or proxy arp) or your own private range (depending on what this setup is), I'd say NAT would be the easiest (only?) option but obviously useless for hosting services on the same port for multiple domU.
In any case other than NAT or proxy arp, your ISP will need to configure their gateway router with a route to your subnet. Some ISPs can be a PITA WRT a setup like this. Proxy arp may be the only viable option. As to how this is done on NetBSD, I'm not sure. Maybe something like 'arp -s hostname ether_addr pub proxy' would be sufficient ... I don't know. Aliasing shouldn't be required ... I don't believe ... but also not sure. It seems to me that aliasing would prevent the packets from traversing.
Hope that makes sense :S

Sarton
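As an added illustration (not part of the original thread, and not real NetBSD configuration) of why only dom0's MAC reaches the physical segment in a routed setup with a published proxy ARP entry: a small Python model of dom0 sitting between the physical wire and the domU link. Interface names (wm0, xvif1.0), MACs and the 192.0.2.x addresses are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class ProxyArpRouter:
    """Model of dom0 in a routed setup: two segments, IP forwarding between them."""
    ifaces: dict                                   # iface name -> that iface's own MAC
    routes: dict                                   # host IP -> iface it is reached through
    published: dict = field(default_factory=dict)  # IP -> proxy flag (like 'arp -s ... pub [proxy]')

    def arp_publish(self, ip, proxy=True):
        """Publish an ARP entry for ip. With proxy, answer only on interfaces
        other than the one ip is actually routed through."""
        self.published[ip] = proxy

    def handle_arp(self, in_iface, target_ip):
        """MAC to place in an ARP reply on in_iface, or None to stay silent."""
        if target_ip not in self.published:
            return None
        if self.published[target_ip] and self.routes.get(target_ip) == in_iface:
            return None  # request arrived on the segment that really owns target_ip
        return self.ifaces[in_iface]  # reply with dom0's own MAC on that segment

    def forward(self, in_iface, dst_ip):
        """(out_iface, source MAC of the forwarded frame), or None if unroutable."""
        out = self.routes.get(dst_ip)
        if out is None or out == in_iface:
            return None
        return out, self.ifaces[out]  # a forwarded frame always carries the egress MAC

def routed_xen_example():
    """Constructed addresses: 192.0.2.1 is the ISP gateway, 192.0.2.10 the domU."""
    dom0 = ProxyArpRouter(
        ifaces={"wm0": "00:11:22:aa:bb:01", "xvif1.0": "fe:ff:ff:ff:ff:ff"},
        routes={"192.0.2.1": "wm0", "192.0.2.10": "xvif1.0"},
    )
    dom0.arp_publish("192.0.2.10")
    return {
        # gateway asks "who has 192.0.2.10?" on the wire: answered with wm0's MAC
        "wire_arp_reply": dom0.handle_arp("wm0", "192.0.2.10"),
        # same question on the internal segment: dom0 stays silent (proxy semantics)
        "internal_arp_reply": dom0.handle_arp("xvif1.0", "192.0.2.10"),
        # domU traffic to the gateway leaves wm0 carrying wm0's MAC, never the domU's
        "egress": dom0.forward("xvif1.0", "192.0.2.1"),
        # inbound packet for the domU is forwarded onto the internal segment
        "ingress": dom0.forward("wm0", "192.0.2.10"),
    }

if __name__ == "__main__":
    print(routed_xen_example())
```

Note that the domU's own MAC never appears in the model at all: nothing on the physical side ever needs it, which is the property the question asks for.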