On Wed, Nov 07, 2001 at 11:14:29PM -0500, Jason Lunz wrote:

> > Hmm.. this is an interesting scenario.  I guess you could try having
> > the bridge do proxy ARP for the DMZ IP, and taking the appropriate
> > redirection action in the PREROUTING chain.  That would work, no?
> > Granted, it's still somewhat ugly..
> 
> Unfortunately, the kernel's proxy arp mechanism will only work when it
> determines that the route to the IP being ARPed for is on a different
> interface than the one the ARP is coming from. In this case, the DSL
> router is ARPing for an IP on the bridge's network, so the kernel won't
> proxy arp.  But we want the bridge to reply to that ARP even though the
> machine isn't actually on the other side.

OK, so how about just assigning the IP address to the interface?
That way the box will reply to ARP requests, and you can use
the firewalling/NAT to make sure no other traffic to that address
reaches the local host (i.e. firewall).


cheers,
Lennert
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
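
The approach suggested in the reply above, sketched as an added example that is not part of the original message: the script only prints the commands, so they can be reviewed before being run as root. The interface name `br0`, both addresses and the helper name `dmz_plan` are assumptions made for illustration, and it assumes IP forwarding is enabled and the FORWARD chain permits the redirected traffic.

```shell
#!/bin/sh
# Constructed placeholder values, not taken from the thread.
BRIDGE=br0            # assumed bridge interface name
DMZ_IP=192.0.2.10     # assumed address the DSL router ARPs for
REAL_HOST=10.0.0.10   # assumed machine that should really get the traffic

# Print the commands for the approach; nothing is executed here.
dmz_plan() {
    bridge=$1; dmz=$2; real=$3
    # Reject interface names with characters outside a conservative set.
    case $bridge in
        *[!A-Za-z0-9_.-]*|'') echo "bad interface: $bridge" >&2; return 1 ;;
    esac
    # Reject addresses containing anything other than digits and dots,
    # so the printed commands cannot carry extra shell syntax.
    for ip in "$dmz" "$real"; do
        case $ip in
            *[!0-9.]*|'') echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    # 1. Put the address on the bridge as a /32: the kernel then answers
    #    ARP for it without gaining a second connected route.
    echo "ip addr add $dmz/32 dev $bridge"
    # 2. Rewrite the destination before the routing decision, so matching
    #    packets are forwarded instead of delivered to the firewall.
    echo "iptables -t nat -A PREROUTING -i $bridge -d $dmz -j DNAT --to-destination $real"
    # 3. Backstop: packets to the address that step 2 did not rewrite
    #    (other interface, no valid conntrack state) would be delivered
    #    locally; drop them.
    echo "iptables -A INPUT -d $dmz -j DROP"
}

dmz_plan "$BRIDGE" "$DMZ_IP" "$REAL_HOST"
```
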
