Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] proxy-arp problems ...
  • From: Peter Wiersig <wiersig@xxxxxxxxx>
  • Date: Fri, 7 Dec 2001 10:05:31 +0100
  • Message-id: <200112070904.KAA22872@xxxxxxxxxxxxx>
On Friday, 7. December 2001 09:48, Ray Leach wrote:

> > > I'm trying to get my firewall to do proxy-arp on behalf of
> > > some 'virtual' ips.
>
> Internet Router
> (66.8.45.161/28)
> |
> (66.8.45.162/28)
> Firewall (192.168.1.1/28) ------- DMZ

> We have web servers in the DMZ with 192.168.1.x private IPs, then we want
> 66.8.45.x/28 mappings for those web servers so they can be seen from the
> internet.
>
> I want the firewall to do DNAT to the web servers in the DMZ. It must
> 'listen' to the 66.8.45.x requests and translate them to 192.168.1.x
> request.

My guess is that proxy_arp is the wrong tool then.

Try adding additional IPs to the Interface of the Firewall.
For example try:
"ip add 66.8.45.171 dev eth0"

Package: iproute2 (SuSE 7.2)

then your FW answers the arp-requests (I think so).

Deactivate proxy_arp.

Peter

< Previous Next >