7 Dec
2001
7 Dec
'01
09:53
My guess is that proxy_arp is the wrong tool then.
Try adding additional IPs to the Interface of the Firewall. For example try: "ip add 66.8.45.171 dev eth0"
Package: iproute2 (SuSE 7.2)
then your FW answers the arp-requests (I think so).
Deactivate proxy_arp.
This is true, Ray doesn't want proxy-arp, he wants the firewall to answer arps on behalf of the public servers behind it. My mistake in introducing the term 'proxy-arp' in the first place, I probably hadn't given it enough thought or been confused and assumed that the public servers actually used their public IP addresses. Sorry for the confusion created. Tobias