I'm trying to get my firewall to do proxy-arp on behalf of some 'virtual' ips.
This is what the entries look like in my arp table:

    10.0.0.19      ether   08:00:20:A5:04:26   C     eth2
    66.8.45.171    *       *                   MP    eth2
    66.8.45.171    *       *                   MP    eth1
    66.8.45.171    *       *                   MP    eth0

When I try and connect to the ip 66.8.45.171, the firewall is asking who has arp 66.8.45.171.

I've succeeded with proxy-arp in the following setup:

    Box 1
    192.168.1.176/24
        |
        |
        |
    192.168.1.42/24 (eth0)
    Linux router
    192.168.1.18/28 (eth2)
        |
        |
    192.168.1.17/28
    Box 2

Box 1 doesn't know that 192.168.1/24 is split, its default router is *not* the Linux router. Box 2 has the Linux router as its default gateway.

What I wanted to do was to be able to ping Box 2 from Box 1. Since Box 1 does not know that 192.168.1/24 is split, it expects Box 2 to be on the locally attached network and will issue arp requests when it tries to send IP packets to it. Therefore, the Linux router has to proxy-arp on behalf of Box 2.

Here's what I did (entirely on the Linux router):

    # echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

That was it. Then I pinged from Box 1 to Box 2 successfully. The ARP table on Box 1 maps:

    192.168.1.42 to 00:60:b0:cd:1c:16
    192.168.1.17 to 00:60:b0:cd:1c:16

While on the Linux router, 192.168.1.17 has a different MAC address associated with it.

I don't know what you're doing, so I can't tell where your mistake is.

Cheers
Tobias
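
Added example, not part of the thread above: a simplified Python model of how a Linux router decides whether to answer an ARP request, using the addresses from Tobias's setup. The route table, the assumption that IP forwarding is enabled on the router, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed from the topology in the reply: the router's connected routes.
ROUTES = [
    ("192.168.1.0/24", "eth0"),
    ("192.168.1.16/28", "eth2"),
]
# The router's own addresses, as given in the reply.
LOCAL_ADDRS = {"192.168.1.42": "eth0", "192.168.1.18": "eth2"}


def route_lookup(target, routes=ROUTES):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(target)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def arp_decision(target, in_dev, proxy_arp, ip_forward=True):
    """Simplified model: what the router does with 'who has <target>' seen on in_dev.

    proxy_arp maps interface name -> bool, mirroring
    /proc/sys/net/ipv4/conf/<if>/proxy_arp. ip_forward=True is an assumption
    (the box is described as a router).
    """
    if target in LOCAL_ADDRS:
        return "reply-own-address"
    out_dev = route_lookup(target)
    if out_dev is None:
        return "ignore-no-route"
    if out_dev == in_dev:
        # Target is reachable on the segment the request came from.
        return "ignore-same-segment"
    if not ip_forward:
        return "ignore-forwarding-off"
    if not proxy_arp.get(in_dev, False):
        return "ignore-proxy-arp-off"
    # Router answers with its own MAC for in_dev, which is why Box 1 sees
    # the same MAC for 192.168.1.42 and 192.168.1.17.
    return "proxy-reply"


if __name__ == "__main__":
    enabled = {"eth0": True}  # echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    for tgt, dev in [("192.168.1.17", "eth0"), ("192.168.1.176", "eth0"),
                     ("192.168.1.176", "eth2")]:
        print(tgt, "on", dev, "->", arp_decision(tgt, dev, enabled))
```

The last case shows why Box 2 needs the router as its default gateway: with proxy_arp set only on eth0, a request for Box 1 arriving on eth2 is not answered.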