Florin Andrei wrote:
Any idea if RHEL 5 is doing something "special" that might prevent proxy
ARP from working?
I figured it out. I actually tested the idea yesterday, but it failed
because one of the test machines was not configured properly.
To make proxy ARP work with DNAT, an IP alias must be created on the
external interface, with the public IP address of the machine behind the
firewall.
ip address add XXX.YYY.ZZZ.KKK dev eth0
where XXX.YYY... is the public IP address that corresponds to the
private IP address of a server behind the firewall.
It's not even necessary to play with proxy_arp in /proc. Just the IP
alias and DNAT.
--
Florin Andrei
http://florin.myip.org/
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
