Hi,

I tried the proxy-arp method, but it was too much of a mission to maintain the proxy arp cache.

Using ip aliases you just use ifconfig to create aliases on existing interfaces, no extra software required, less overhead, etc. It works and it's simple to understand and maintain.

Ray

4/8/02 10:58:20 AM, Tom Walder <[EMAIL PROTECTED]> wrote:
>Cheers Raymond,
>
>Can you comment on or compare your suggestion to a proxy arp method. I know
>nothing about proxy arp !!!
>
>Tom
>
>At 10:56 08/04/2002 +0200, Raymond Leach wrote:
>>OK.
>>
>>To get DNAT to work this is what I had to do:
>>
>>1. Set up the iptables filter rules to allow and redirect traffic to the
>>machines (INPUT, FORWARD, OUTPUT, POSTROUTING)
>>2. Then I had to set up ip aliases on the firewall (with the internet
>>addresses of the DNATed machines) to 'accept' the traffic for the DNATed
>>machines. The alternative is proxy-arp.
>>
>>That's it ...
>>
>>Ray
>

----------------------------------------
Ray Leach (Technical Network Specialist)
Knowledge Factory
www: http://www.knowledgefactory.co.za
ICQ:153663421
Tel: +27-11-444-5006
Fax: +27-11-444-5007
"No matter where you go, there you are."
----------------------------------------
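The two steps described in the thread (an ifconfig alias carrying the public address, plus the iptables rules), as an added example that is not part of the original messages. The helper names `is_ipv4` and `emit_dnat_host`, the interface `eth0`, and all addresses and the port are constructed assumptions; the script only prints the commands for review and limits the forward to a single protocol and port.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one DNATed machine.
# Interface name, addresses and port below are constructed placeholders.

# is_ipv4 ADDR: accept only four dot-separated numbers, each 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_dnat_host EXT_IF ALIAS_NO PUBLIC_IP INTERNAL_IP PROTO PORT
emit_dnat_host() {
    ext_if=$1; alias_no=$2; pub=$3; int=$4; proto=$5; port=$6
    # Reject anything that could smuggle extra shell or iptables syntax.
    case $ext_if$alias_no in ''|*[!A-Za-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$pub" && is_ipv4 "$int" || { echo "bad address" >&2; return 1; }
    case $proto in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac

    # Alias on the outside interface so the firewall itself answers ARP for
    # the public address (the alternative in the thread is proxy-arp).
    echo "ifconfig ${ext_if}:${alias_no} ${pub} netmask 255.255.255.255 up"
    # Rewrite the destination of inbound traffic, for one service only.
    echo "iptables -t nat -A PREROUTING -i ${ext_if} -d ${pub} -p ${proto} --dport ${port} -j DNAT --to-destination ${int}"
    # After DNAT the packet is forwarded with the internal address as destination.
    echo "iptables -A FORWARD -i ${ext_if} -d ${int} -p ${proto} --dport ${port} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -o ${ext_if} -s ${int} -p ${proto} --sport ${port} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Optional: connections the internal machine opens itself leave with its public address.
    echo "iptables -t nat -A POSTROUTING -o ${ext_if} -s ${int} -j SNAT --to-source ${pub}"
}

# Constructed sample: public 192.0.2.10 forwarded to internal 10.0.0.10, tcp/80.
emit_dnat_host eth0 1 192.0.2.10 10.0.0.10 tcp 80
```

Review the printed commands before running them as root; one call per DNATed machine, each with its own alias number.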
