On Friday, 7. December 2001 09:48, Ray Leach wrote:
> I'm trying to get my firewall to do proxy-arp on behalf of some 'virtual' IPs.
>
> Internet Router (66.8.45.161/28) | (66.8.45.162/28) Firewall (192.168.1.1/28) ------- DMZ
>
> We have web servers in the DMZ with 192.168.1.x private IPs, then we want 66.8.45.x/28 mappings for those web servers so they can be seen from the internet.
>
> I want the firewall to do DNAT to the web servers in the DMZ. It must 'listen' to the 66.8.45.x requests and translate them to 192.168.1.x requests.

My guess is that proxy_arp is the wrong tool then. Try adding additional IPs to the interface of the firewall. For example, try:

    ip addr add 66.8.45.171 dev eth0

(Package: iproute2, SuSE 7.2.) Then your FW answers the ARP requests (I think so). Deactivate proxy_arp.

Peter
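
The approach suggested in the reply above, as an added example that is not part of the original thread: a dry-run shell script that validates a public-to-DMZ mapping against the two /28 subnets from the question and prints the `ip` and `iptables` commands without running them. Assumptions: iptables does the DNAT, only TCP port 80 is forwarded (the thread says "web servers"), the DMZ host 192.168.1.2 is a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Dry run: prints the commands for one mapping, executes nothing.
EXT_IF=eth0                          # external interface named in the reply
EXT_NET=66.8.45.160/28               # subnet containing 66.8.45.161/28 and .162/28
DMZ_NET=192.168.1.0/28               # subnet containing 192.168.1.1/28
RESERVED="66.8.45.161 66.8.45.162"   # router and firewall, already in use

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# in_net IP NET/LEN -> success only for a usable host address
# (inside the subnet, not the network or broadcast address)
in_net() {
    local ip net len mask base
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    base=$(( net & mask ))
    [ $(( ip & mask )) -eq "$base" ] && [ "$ip" -ne "$base" ] &&
        [ "$ip" -ne $(( base | (~mask & 0xFFFFFFFF) )) ]
}

# gen_dnat PUBLIC PRIVATE [PORT] -> prints the commands, or rejects the mapping
gen_dnat() {
    local pub="$1" priv="$2" port="${3:-80}"   # port 80 is an assumption
    in_net "$pub" "$EXT_NET" ||
        { echo "reject: $pub is not a host in $EXT_NET" >&2; return 1; }
    in_net "$priv" "$DMZ_NET" ||
        { echo "reject: $priv is not a host in $DMZ_NET" >&2; return 1; }
    case " $RESERVED " in
        *" $pub "*) echo "reject: $pub is already in use" >&2; return 1 ;;
    esac
    # /32 alias: the firewall answers ARP for it, no extra connected route
    echo "ip addr add $pub/32 dev $EXT_IF"
    # translate only the published service, not every port on the address
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -p tcp --dport $port -j DNAT --to-destination $priv:$port"
    # FORWARD sees the packet after DNAT, so it matches the private address
    echo "iptables -A FORWARD -i $EXT_IF -d $priv -p tcp --dport $port -j ACCEPT"
}

# Constructed sample mapping: public alias from the reply -> sample DMZ host
gen_dnat 66.8.45.171 192.168.1.2
```

Restricting the DNAT and FORWARD rules to the published port keeps the rest of the DMZ host unreachable from the internet even though it now has a public address mapped to it.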