Re: Iptable NAT problem - ARP ?

To: Mike Mestnik <cheako911@yahoo.com>
Cc: Listen <list.nospam@std-software.de>, Debian-Firewall <debian-firewall@lists.debian.org>
Subject: Re: Iptable NAT problem - ARP ?
From: Pradeeper <pradeeper@unionb.com>
Date: Thu, 12 Aug 2004 11:01:59 +0600
Message-id: <[🔎] 1092286919.10408.1667.camel@Neo>
Reply-to: pradeeper@unionb.com
In-reply-to: <[🔎] 20040811222521.10110.qmail@web11907.mail.yahoo.com>
References: <[🔎] 20040811222521.10110.qmail@web11907.mail.yahoo.com>

On Thu, 2004-08-12 at 04:25, Mike Mestnik wrote:
> http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2002-01/0094.html
> 
> I guess I could be wrong as this doc describes the alias is only used for
> arp replys.  It(the alias) also automaticaly puts incoming pkts onto the
> INPUT table.
Thanks for the info!

>   Without the alias these pkts WOULD get routed, most probly out the
> default route or sent to the local MAC addres.  This behaviour can be
> acheved with a userlevel APR tool, I use farpd.  This may be more secure
> as you would need to explicatly DNAT these pkts or they would, after
> looping several(30 or less) times, have TTL-time outs.
Can't I enable firewall to handle ARP request without installing any
other like farpd?
What is this /proc/sys/net/ipv4/conf/eth0/proxy_arp for?
Is it something to do with this?

Regards!

Pradeeper
--
Debian GNU/Linux Sarge kernel 2.4.22-openmosix-1

Give him an evasive answer.

Reply to:

Follow-Ups:
- Re: Iptable NAT problem - ARP ?
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- Re: Iptable NAT problem - DONE!
  - From: Mike Mestnik <cheako911@yahoo.com>

Prev by Date: Re: Iptable NAT problem - DONE!
Next by Date: Re: Iptable NAT problem - ARP ?
Previous by thread: Re: Iptable NAT problem - DONE!
Next by thread: Re: Iptable NAT problem - ARP ?
Index(es):
- Date
- Thread