General Discussion / "Proxy ARP" Workaround for IPv6 in isolated VLAN
« on: November 28, 2022, 05:37:45 pm »
Good day all,
in combination with a Private VLAN I also use Proxy ARP.
With this I want to prevent device A from directly addressing device B, C or anything else in the same subnet without firewall rules being applied to it.
Without Proxy ARP, however, requests to devices would come to nothing because the matching MAC address cannot be determined. With Proxy ARP, OPNsense responds, so that the packet goes through the router and firewall rules can be applied.
This works without any problems. Unfortunately only for IPv4. For IPv6 the NDP is used instead of ARP.
Is there a workaround that has the same effect as proxy ARP? Unfortunately I did not find a proxy NDP.
Otherwise my devices could reach the whole internet - just not the endpoints, which are actually right next door.
Greetings
Martin