
Re: Iptable NAT problem - ARP ?



IIRC proxy_arp was/is replaced by DNAT.  What you need is an IP in the
same subnet as your external IP that you then use on your internal
network.  When you turn on proxy_arp on your external interface it will
pass all external ARP requests onto your internal network and proxy any
replies.  This allows for a "transparent router" aka a bridge.

--- Pradeeper <pradeeper@unionb.com> wrote:

> On Thu, 2004-08-12 at 04:25, Mike Mestnik wrote:
> > http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2002-01/0094.html
> > 
> > I guess I could be wrong as this doc describes the alias is only used for
> > ARP replies.  It (the alias) also automatically puts incoming pkts onto the
> > INPUT table.
> Thanks for the info!
> 
> >   Without the alias these pkts WOULD get routed, most probably out the
> > default route or sent to the local MAC address.  This behaviour can be
> > achieved with a userlevel ARP tool, I use farpd.  This may be more secure
> > as you would need to explicitly DNAT these pkts or they would, after
> > looping several (30 or less) times, have TTL-time outs.
> Can't I enable firewall to handle ARP request without installing any
> other like farpd?
> What is this /proc/sys/net/ipv4/conf/eth0/proxy_arp for?
> Is it something to do with this?
> 
> Regards!
> 
> Pradeeper
> --
> Debian GNU/Linux Sarge kernel 2.4.22-openmosix-1
> 
> Give him an evasive answer.
> 
> 



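An added example, not part of the original thread: a small check that lists the interfaces on which the kernel will answer ARP on behalf of other hosts, using the `/proc/sys/net/ipv4/conf/<iface>/proxy_arp` files asked about above. The function name and its optional directory argument are assumptions made for this example; it also goes slightly beyond the message by accounting for `conf/all/proxy_arp`, which enables proxy ARP on every interface when set.

```shell
#!/bin/sh
# Added example: report interfaces where proxy ARP is effectively enabled.
# The kernel proxies ARP on an interface when either conf/all/proxy_arp
# or conf/<iface>/proxy_arp is non-zero.

# proxy_arp_ifaces [CONF_DIR]  (hypothetical helper name)
# Prints one interface name per line. CONF_DIR defaults to the live sysctl
# tree; another directory can be passed to audit a copied or constructed tree.
proxy_arp_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/proxy_arp" 2>/dev/null || echo 0)
    for f in "$conf_dir"/*/proxy_arp; do
        [ -r "$f" ] || continue                 # unmatched glob or unreadable file
        iface=$(basename "$(dirname "$f")")
        case $iface in
            all|default) continue ;;            # templates, not real interfaces
        esac
        val=$(cat "$f")
        if [ "${all:-0}" != 0 ] || [ "${val:-0}" != 0 ]; then
            echo "$iface"
        fi
    done
}

# Constructed sample tree (not from a real host): proxy ARP on eth0 only.
demo=$(mktemp -d)
for i in all default eth0 eth1; do
    mkdir -p "$demo/$i"
    echo 0 > "$demo/$i/proxy_arp"
done
echo 1 > "$demo/eth0/proxy_arp"
echo "per-interface setting: $(proxy_arp_ifaces "$demo" | tr '\n' ' ')"

# The global switch turns proxy ARP on for every interface.
echo 1 > "$demo/all/proxy_arp"
echo "with all/proxy_arp=1:  $(proxy_arp_ifaces "$demo" | tr '\n' ' ')"
rm -rf "$demo"
```

Run without an argument, `proxy_arp_ifaces` reads the live tree on the host being checked.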


