hi guys
I have trouble with MT box that is trying to send its mac address to any
request on network for other IP range, I have no idea why it is so crazy…
so I am trying to solve this problem and at the same time buy some
security for my network so I can make some vlan on my switch to
prevent users to directly connect to the s-dsl and adsl modems, because
at this moment they’re on the same unmanaged switch as LAN and WAN
port of MT box. (maybe this is the reason)
but I have certain servers on the network that are connecting directly to
the sdsl modem so it is difficult to shape the network without managed
switch unless I use separate switches to put the network behind which is
not what I want…
so which managed switch is recommended to buy? of course for ARP thing
I have to buy L3 but NO MONEY !!! so I have to stick to Layer two switch…
I am thinking about this switch from Linksys
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1130276506669&pagename=Linksys%2FCommon%2FVisitorWrapper
which is around 235USD, so any idea is it good for my needs and also
what other brand and model is good in this price range (200~250USD)?
Thanks
Proxy ARP.
Don’t rely on VLANs for security. Buy another cheap switch for your DSL modems. Then, by all means buy a managed switch for your internal network.
Regards
Andrew
you mean even if I setup vlan I cannot block user to directly access the sdsl modem?
by the way the sdsl modem and the wireless hotspot and the MT gateway are all different nodes which I want to define the rules… what’s the best solution for the security?
and enabling proxy-arp didn’t solve my problem for any reason… any idea why?
thanks for your reply
Sorry, I wasn’t explicit enough. Proxy ARP enabled would be one reason why your box would reply for MAC addresses other than its own.
you mean even if I setup vlan I cannot block user to directly access the sdsl modem?
Yes and no
It depends on how hard they try. VLAN should be considered for administrative separation only. For starters, it’s only as secure as your management console. As physical security, in the form of separate switches, is so cheap and easy to achieve why compromise?
For your configuration I would suggest 3 network cards in the router (or two NICs plus a wireless card) and three separate physical networks.
Regards
Andrew
the problem is MT hasn’t shown a very stable system to me considering my latest problem and I don’t want my web and mail server to rely on it by separating the network into two separate switches and I want them to be available to local and wan network as well
OK. So let’s go back to the original problem.
On what IP addresses is the MT responding to ARP requests and on what interface (i.e. what MAC address is it returning)?
Is Proxy ARP turned off on all interfaces?
Can you post your interface and address config here?
I’ve found MT to be a very stable system. Mine can be up for months without problems. From your description of your system it sounds as if you have servers publicly available with no form of firewalling. This makes compromise far easier and the effects of a compromise far more devastating. If you’re concerned about availability then the odd problem with a router pales into insignificance.
Regards
Andrew
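
The question asked above (which IP addresses the box answers ARP for, and with what MAC) can be checked from a packet capture. The following is an added example, not part of any post in this thread; it assumes the text output format of `tcpdump -e -n arp`, and the capture lines, MAC addresses and host inventory are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `tcpdump -e -n arp` text format (not taken from the thread).
SAMPLE_CAPTURE = """\
10:00:01.000001 02:00:00:00:00:01 > 02:00:00:00:00:10, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 02:00:00:00:00:01, length 46
10:00:02.000001 02:00:00:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.7 tell 192.0.2.10, length 46
10:00:02.000150 02:00:00:00:00:01 > 02:00:00:00:00:10, ethertype ARP (0x0806), length 60: Reply 198.51.100.7 is-at 02:00:00:00:00:01, length 46
10:00:03.000001 02:00:00:00:00:01 > 02:00:00:00:00:10, ethertype ARP (0x0806), length 60: Reply 203.0.113.20 is-at 02:00:00:00:00:01, length 46
10:00:04.000001 02:00:00:00:00:02 > 02:00:00:00:00:10, ethertype ARP (0x0806), length 60: Reply 192.0.2.2 is-at 02:00:00:00:00:02, length 46
"""

# Constructed inventory: addresses actually configured on each MAC.
KNOWN_HOSTS = {
    "02:00:00:00:00:01": {"192.0.2.1"},  # the router's LAN interface
    "02:00:00:00:00:02": {"192.0.2.2"},  # a server
}

# Matches only ARP replies; requests ("who-has ... tell ...") are ignored.
REPLY_RE = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def replies_by_mac(capture):
    """Map each answering MAC to the set of IPs it claimed in ARP replies."""
    claimed = defaultdict(set)
    for line in capture.splitlines():
        m = REPLY_RE.search(line)
        if m:
            claimed[m.group(2).lower()].add(str(ipaddress.ip_address(m.group(1))))
    return dict(claimed)


def unexpected_answers(capture, known_hosts):
    """Return {mac: sorted IPs} that the MAC answered for but does not own."""
    report = {}
    for mac, ips in replies_by_mac(capture).items():
        extra = ips - known_hosts.get(mac, set())
        if extra:
            report[mac] = sorted(extra, key=ipaddress.ip_address)
    return report


if __name__ == "__main__":
    for mac, ips in unexpected_answers(SAMPLE_CAPTURE, KNOWN_HOSTS).items():
        print(f"{mac} answers ARP for addresses it does not own: {', '.join(ips)}")
```

A MAC that shows up in this report for addresses outside its own subnet is behaving as described for Proxy ARP earlier in the thread.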