On Fri 07 Dec 01 10:35, you wrote:
I'm trying to get my firewall to do proxy-arp on behalf of some 'virtual' IPs.
This is what I'm trying to do:

    Internet Router (66.8.45.161/28)
            |
            |
    (66.8.45.162/28) Firewall (192.168.1.1/28) ------- DMZ
        (10.0.0.2)
            |
            |
       Private LAN

We have web servers in the DMZ with 192.168.1.x private IPs, then we want 66.8.45.x/28 mappings for those web servers so they can be seen from the internet. I want the firewall to do DNAT to the web servers in the DMZ. It must 'listen' to the 66.8.45.x requests and translate them to 192.168.1.x requests. The router sends ARP requests for 66.8.45.171 (for example), the firewall has proxy ARP enabled on eth0 (66.8.45.161) for 66.8.45.171.

These are my questions:

- Do I need the same IP ranges between the router and firewall and on the DMZ?
- I have verified (by adding a log rule) that the NAT rule is being checked when a packet arrives on the firewall eth0 interface, but it does not answer the router's ARP requests and the packet then seems to disappear (it never arrives at the translated IP). Any idea what this could be?

Ray
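
The mapping described in the message above, as an added example that is not part of the original mail: a dry-run sh script that checks the public address lies in the router's connected /28 (a router only ARPs for addresses on its connected subnet) and prints the forwarding, proxy-ARP and DNAT commands for one mapping. Assumptions: the DMZ host 192.168.1.2 is a constructed placeholder for the unspecified 192.168.1.x server, and the network addresses 66.8.45.160/28 and 192.168.1.0/28 are derived from the /28 interface addresses in the diagram.

```shell
#!/bin/sh
# Added example (dry run): validates the address plan, then PRINTS the commands.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; status 1 on malformed input
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    ti_ifs=$IFS; IFS=.; set -- $1; IFS=$ti_ifs
    [ "$#" -eq 4 ] || return 1
    for ti_o in "$@"; do
        case "$ti_o" in 0?*) return 1 ;; esac   # reject leading zeros (octal trap)
        [ "$ti_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN -> status 0 inside, 1 outside, 2 malformed input
in_cidr() {
    ic_ip=$(ip_to_int "$1") || return 2
    ic_net=$(ip_to_int "${2%/*}") || return 2
    ic_len=${2#*/}
    case "$ic_len" in ""|*[!0-9]*|0?*) return 2 ;; esac
    [ "$ic_len" -le 32 ] || return 2
    ic_mask=$(( (0xFFFFFFFF << (32 - ic_len)) & 0xFFFFFFFF ))
    [ $(( ic_ip & ic_mask )) -eq $(( ic_net & ic_mask )) ]
}

# emit_mapping PUBLIC_IP DMZ_IP WAN_IF WAN_CIDR DMZ_CIDR
emit_mapping() {
    in_cidr "$1" "$4" || { echo "error: $1 is not an address inside WAN subnet $4" >&2; return 1; }
    in_cidr "$2" "$5" || { echo "error: $2 is not an address inside DMZ subnet $5" >&2; return 1; }
    # The firewall must route between its interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Answer the router's ARP requests for the public address on the WAN side.
    echo "ip neigh add proxy $1 dev $3"
    # Rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $3 -d $1 -j DNAT --to-destination $2"
}

# 66.8.45.171 and eth0 come from the message; 192.168.1.2 is a placeholder.
emit_mapping 66.8.45.171 192.168.1.2 eth0 66.8.45.160/28 192.168.1.0/28
```

Nothing is changed on the host; the printed lines can be reviewed before being run as root.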