When using NAT , arp is used to accept packets for the translated IP
address since there is no node replying to ARP requests for the
translated IP - mac address.
e.g. An internal IP address 10.0.0.8 initiates a connection to the
outside, the gateway translates the source address to 199.203.73.8,
when the reply packets arrive from the server, its destination address
is 199.203.73.8.
If no static route exist, the router sees the packet is destined for a
directly attached network(199.203.73.X) and sends a ARP request
querying for the MAC address of 199.203.73.8 (translated address), the
router receives no response and drops the packet.
You have to manually update the ARP table with the translated address
and the mac address of the gateway or add a static route to route all
traffic for 199.203.73.8 to the gateway IP address.
10.0.0.8 ----> gateway(199.203.73.1) --------> outside server.
Route entry
route add 199.203.73.8 199.203.73.1 1
Hope this helps and I have not confused the issue.
Marcus
______________________________ Reply Separator _________________________________
Subject: Re: ARP
Author: lists ([EMAIL PROTECTED]) at unix,mime
Date: 07/10/99 12:12
On Tue, Oct 05, 1999 at 10:43:02AM +0530, suchi wrote:
> As i am new to the concept of NAT please could someone help me out.
> Please could someone tell me what is the function of ARP while doing NAT.
> I would also be very thankful if I was pointed to some good Docs on NAT and co
nfiguring the same on cisco routers.
usualy arp is only used by your LAN workstations to find the hardware
address of the default gateway. the Default Gateway is then doing NAT on IP
level. You could also use a System which is transparent to the Workstatons
(because they dont need to add/change the default gateway entry, but the
proxy arp which is used there is not a nice solution on the network level
(the ip level isnt affected by it).
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents
of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities or
related financial instruments.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
