Re: Iptable NAT problem - ARP ?
IFIRC proxy_arp was/is replaced by dnat. What you need is an IP in the
same subnet as your external IP that you then use on your internel
network. When you turn on proxy_arp on your external interface it will
pass all external arp requests onto your internal network and proxy any
replys. This allows for a "transparent router" aka a bridge.
--- Pradeeper <pradeeper@unionb.com> wrote:
> On Thu, 2004-08-12 at 04:25, Mike Mestnik wrote:
> >
>
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2002-01/0094.html
> >
> > I guess I could be wrong as this doc describes the alias is only used
> for
> > arp replys. It(the alias) also automaticaly puts incoming pkts onto
> the
> > INPUT table.
> Thanks for the info!
>
> > Without the alias these pkts WOULD get routed, most probly out the
> > default route or sent to the local MAC addres. This behaviour can be
> > acheved with a userlevel APR tool, I use farpd. This may be more
> secure
> > as you would need to explicatly DNAT these pkts or they would, after
> > looping several(30 or less) times, have TTL-time outs.
> Can't I enable firewall to handle ARP request without installing any
> other like farpd?
> What is this /proc/sys/net/ipv4/conf/eth0/proxy_arp for?
> Is it something to do with this?
>
> Regards!
>
> Pradeeper
> --
> Debian GNU/Linux Sarge kernel 2.4.22-openmosix-1
>
> Give him an evasive answer.
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
Reply to: