IFIRC proxy_arp was/is replaced by dnat. What you need is an IP in the same subnet as your external IP that you then use on your internel network. When you turn on proxy_arp on your external interface it will pass all external arp requests onto your internal network and proxy any replys. This allows for a "transparent router" aka a bridge.
--- Pradeeper <[EMAIL PROTECTED]> wrote: > On Thu, 2004-08-12 at 04:25, Mike Mestnik wrote: > > > http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2002-01/0094.html > > > > I guess I could be wrong as this doc describes the alias is only used > for > > arp replys. It(the alias) also automaticaly puts incoming pkts onto > the > > INPUT table. > Thanks for the info! > > > Without the alias these pkts WOULD get routed, most probly out the > > default route or sent to the local MAC addres. This behaviour can be > > acheved with a userlevel APR tool, I use farpd. This may be more > secure > > as you would need to explicatly DNAT these pkts or they would, after > > looping several(30 or less) times, have TTL-time outs. > Can't I enable firewall to handle ARP request without installing any > other like farpd? > What is this /proc/sys/net/ipv4/conf/eth0/proxy_arp for? > Is it something to do with this? > > Regards! > > Pradeeper > -- > Debian GNU/Linux Sarge kernel 2.4.22-openmosix-1 > > Give him an evasive answer. > > __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail
