Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] proxy-arp problems ...
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 7 Dec 2001 10:48:01 +0200
  • Message-id: <20011207084540.B5C3DE6540@xxxxxxxxxxxx>
On Fri 07 Dec 01 10:35, you wrote:
> > I'm trying to get my firewall to do proxy-arp on behalf of
> > some 'virtual' ips.
> >
This is what I'm trying to do:

        Internet Router
        (66.8.45.161/28)
               |
               |
        (66.8.45.162/28)
        Firewall (192.168.1.1/28) ------- DMZ
        (10.0.0.2)
               |
               |
        Private LAN

We have web servers in the DMZ with 192.168.1.x private IPs, then we want
66.8.45.x/28 mappings for those web servers so they can be seen from the
internet.

I want the firewall to do DNAT to the web servers in the DMZ. It must
'listen' to the 66.8.45.x requests and translate them to 192.168.1.x requests.

The router sends ARP requests for 66.8.45.171 (for example), the firewall has
proxy ARP enabled on eth0 (66.8.45.161) for 66.8.45.171.


These are my questions:

- Do I need the same IP ranges between the router and firewall and on the DMZ?
- I have verified (by adding a log rule) that the NAT rules are being checked
when a packet arrives on the firewall eth0 interface, but it does not answer
the router's ARP requests and the packet then seems to disappear (it never
arrives at the translated IP). Any idea what this could be?

Ray
