Disclaimer: I haven't tried any of this myself.
I got it to work (with help) by doing an 'arp -i eth0 -s xxx.xxx.xxx.xxx 00:00:00:00:00:00 pub', where eth0 is the outside interface and xxx.xxx.xxx.xxx is the outside IP address, and of course the correct MAC address of that interface. But it didn't work before I added a route!!!! 'route add -host xxx.xxx.xxx.xxx eth1', where eth1 is the inside of my firewall.
I've tried several things to get this to work. Does my DMZ have to have public IPs for this to work?
There is no inherent difference between public and private IP addresses. RFC 1918 just reserves a part of the entire address space and forbids its use in the public Internet.
I've done this:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -d 66.8.45.171 -j DNAT --to-destination 192.168.1.171:80
    arp -i eth0 -s 66.8.45.171 00:01:02:50:B8:9E pub
    echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp
This didn't work. I still get arp requests for 66.8.45.171 from the router at 66.8.45.161, but my firewall (66.8.45.162) does not answer them.
I tried to add a route for 66.8.45.171 to route via 192.168.1.1 (DMZ interface).
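A complete version of the setup being discussed, as an added example that is not from anyone in this thread. It assumes the addresses and interfaces from the post above (66.8.45.171 published on eth0, DMZ host 192.168.1.171 behind eth1, TCP port 80; all hypothetical), uses the iproute2 equivalents of the arp/route commands (ip neigh add proxy ... is the same as arp -i eth0 -s ... pub), and adds the check a practitioner wants when the firewall stays silent on ARP: the kernel only answers an ARP request for an address that is not its own when forwarding is enabled and its route for that address leaves via a different interface than the one the request arrived on. That is why a host route for the public address out the inside interface is needed, not just the DNAT rule. DRY_RUN=1 prints the commands instead of running them; without it the script must run as root.

```shell
#!/bin/sh
# Added example (not from the original thread). Hypothetical values:
# public IP 66.8.45.171 on eth0, DMZ host 192.168.1.171 via eth1, port 80.

# Print a command instead of executing it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a dotted quad with four octets in 0-255.
valid_ipv4() {
    ip="$1"
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# The kernel's conditions for answering ARP for a non-local address:
# forwarding on, a route for the address exists, and that route leaves
# via a different device than the one the request came in on.
will_proxy_arp() {
    fwd="$1"; route_dev="$2"; out_if="$3"
    [ "$fwd" = "1" ] || return 1
    [ -n "$route_dev" ] || return 1
    [ "$route_dev" != "$out_if" ] || return 1
    return 0
}

# Read the live values for the two conditions above on this host.
live_check() {
    pub_ip="$1"; out_if="$2"
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)
    dev=$(ip -o route get "$pub_ip" 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p')
    will_proxy_arp "$fwd" "$dev" "$out_if"
}

# Full setup, in the order the kernel needs it:
# 1. forwarding on (no proxy ARP replies at all without it)
# 2. host route for the public address out the inside interface
# 3. proxy neighbour entry on the outside interface (arp ... pub equivalent)
# 4. DNAT in PREROUTING plus a FORWARD accept for the new connections
proxy_arp_dnat() {
    pub_ip="$1"; dmz_ip="$2"; out_if="$3"; in_if="$4"; port="$5"
    valid_ipv4 "$pub_ip" || { echo "bad public IP: $pub_ip" >&2; return 1; }
    valid_ipv4 "$dmz_ip" || { echo "bad DMZ IP: $dmz_ip" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace "$pub_ip/32" dev "$in_if"
    run ip neigh add proxy "$pub_ip" dev "$out_if"
    run iptables -t nat -A PREROUTING -i "$out_if" -p tcp -d "$pub_ip" --dport "$port" \
        -j DNAT --to-destination "$dmz_ip:$port"
    run iptables -A FORWARD -i "$out_if" -o "$in_if" -p tcp -d "$dmz_ip" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Usage (as root):  proxy_arp_dnat 66.8.45.171 192.168.1.171 eth0 eth1 80
# Diagnose:         live_check 66.8.45.171 eth0 && echo "will answer ARP"
```

The FORWARD rule only admits new connections; it relies on the usual ESTABLISHED,RELATED accept rule being present, which a firewall of this shape normally already has. The DNAT rule is restricted to the outside interface so that hosts on the inside cannot reach the DMZ box through the public address by accident.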
Umm.. I think you've got the order wrong. IMHO and from reading the man pages, you should do either:
1. echo 1 > /proc/sys/net/ipv4/ip_forward
2. echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
maybe 3. route add -host 192.168.1.171 dev eth1
I don't think step 3 is meant to be necessary.
Or, e.g. if ip_forward is zero, you could do:
1. arp -i eth0 -s 66.8.45.171