Hello,
M_a_r_k_T_ wrote:
If you can point me at an RFC that says that it is OK to not reply to ARP requests if the source if from a different subnet, that would be good because I can take that to the guys that manage the upstream router.
Certainly
https://tools.ietf.org/html/rfc1027
If the IP networks of the source and target hosts of an ARP request
are different, an ARP subnet gateway implementation should not
reply. This is to prevent the ARP subnet gateway from being used to
reach foreign IP networks and thus possibly bypass security checks
provided by IP gateways.Please tell Your ustream router guy it is not OK to do that with firewalls.
HTH
Thx
Alex