On Mon, Oct 27, 2008 at 2:14 PM, Robin Kauffman <[EMAIL PROTECTED]> wrote:
> Hi-
>
>    My previous post was incorrect; 1:1 nat in fact works provided that 
> traffic for all IPs is sent to the firewall's public-facing MAC address.  
> However, if the route is merely '1.2.3.4/24 dev linktofw' from the machine 
> pretending to be the gateway (which is effectively how things are set up in 
> the real world), the firewall will not respond to ARP queries for IPs other 
> than its own (it does occasionally respond, but with a bogus MAC address).
>    So, my question is this:  How do I get the firewall to answer any ARP 
> request for an IP on our public netblock with its own MAC address (or at 
> least the IPs we're doing 1:1 nat for)?  I've tried setting up virtual IPs 
> (both proxy_arp and CARP), but that makes no difference.


Proxy ARP or CARP is how this is accomplished. Add the VIPs, clear ARP
on your upstream, then try to access those IPs.
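As an added example (not code from this list or from any firewall product), here is a small Python model of what the proxy ARP setup above has to do on the wire: the firewall answers ARP requests for the addresses it publishes (its own interface IP plus the 1:1 NAT targets) with its own MAC, and stays silent for every other address in the netblock, since claiming the whole block would hijack traffic for hosts the firewall does not NAT. The netblock 1.2.3.4/24 is taken from the post; the MACs, the upstream router's address and the published IPs are constructed for illustration.

```python
"""Model of a proxy-ARP responder for 1:1 NAT: reply, with our own MAC, to
ARP requests for published public IPs only (RFC 826 IPv4-over-Ethernet ARP).

Added example for the thread above; not code from the list or any firewall
project. 1.2.3.4/24 comes from the post; MACs and hosts are constructed.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST = b"\xff" * 6
# htype, ptype, hlen, plen, op, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_bytes(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Ethernet header (14 bytes) followed by a 28-byte ARP packet."""
    eth = struct.pack("!6s6sH", eth_dst, sha, ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return eth + arp


def build_arp_request(sender_mac, sender_ip, target_ip):
    """'Who has target_ip?': broadcast frame, target MAC all zeros."""
    return build_arp(ARP_REQUEST, mac_bytes(sender_mac), ip_bytes(sender_ip),
                     b"\x00" * 6, ip_bytes(target_ip), BROADCAST)


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, or None if it is not IPv4/Ethernet ARP."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa)),
            "eth_dst": mac_str(dst)}


class ProxyArpResponder:
    """Answers ARP for an explicit set of published IPs with one MAC.

    The set is explicit on purpose: publishing the whole netblock would make
    the firewall claim addresses it does not NAT and black-hole those hosts.
    """

    def __init__(self, own_mac: str, netblock: str):
        self.own_mac = mac_bytes(own_mac)
        self.netblock = ipaddress.IPv4Network(netblock, strict=False)  # 1.2.3.4/24 -> 1.2.3.0/24
        self.published = set()

    def publish(self, ip: str):
        """Add an interface IP or 1:1 NAT target; refuse IPs outside the netblock."""
        addr = ipaddress.IPv4Address(ip)
        if addr not in self.netblock:
            raise ValueError(f"{ip} is not in {self.netblock}")
        self.published.add(addr)

    def handle(self, frame: bytes):
        """Return a unicast ARP reply for a request we should answer, else None."""
        req = parse_arp(frame)
        if req is None or req["op"] != ARP_REQUEST:
            return None  # only requests get answered; replies and junk are ignored
        if ipaddress.IPv4Address(req["tpa"]) not in self.published:
            return None  # not one of ours: let the real owner answer
        # Claim tpa with our MAC, addressed to the asker.
        return build_arp(ARP_REPLY, self.own_mac, ip_bytes(req["tpa"]),
                         mac_bytes(req["sha"]), ip_bytes(req["spa"]),
                         mac_bytes(req["sha"]))


if __name__ == "__main__":
    fw = ProxyArpResponder("02:00:00:00:00:fe", "1.2.3.4/24")   # constructed firewall MAC
    fw.publish("1.2.3.4")    # firewall's own public IP
    fw.publish("1.2.3.10")   # a 1:1 NAT target
    upstream = ("02:00:00:00:00:01", "1.2.3.1")                 # constructed upstream router
    for target in ("1.2.3.10", "1.2.3.77"):
        reply = fw.handle(build_arp_request(*upstream, target))
        print(target, "->", parse_arp(reply) if reply else "no answer")
```

After adding the VIPs on a real firewall, the same check is done from the upstream router: flush its ARP entry for a NAT target, ping the address, and confirm the entry that comes back carries the firewall's MAC and that an unpublished address in the block gets no answer at all.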
