Hi-

    My previous post was incorrect; 1:1 NAT in fact works provided that traffic 
for all IPs is sent to the firewall's public-facing MAC address.  However, if 
the route is merely '1.2.3.4/24 dev linktofw' from the machine pretending to be 
the gateway (which is effectively how things are set up in the real world), the 
firewall will not respond to ARP queries for IPs other than its own (it does 
occasionally respond, but with a bogus MAC address).
    So, my question is this:  How do I get the firewall to answer any ARP 
request for an IP on our public netblock with its own MAC address (or at least 
the IPs we're doing 1:1 NAT for)?  I've tried setting up virtual IPs (both 
proxy_arp and CARP), but that makes no difference.
    We might be able to get the guys on the other end of the link (our ISP) to 
give us an IP-specific route for our netblock, as opposed to a link-specific 
route (which makes it behave like plain-ol' bridged Ethernet).


        -Robin K.
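The symptom Robin describes (the firewall answering ARP only for its own address, and occasionally with a wrong MAC) is easiest to pin down by capturing the ARP traffic on the upstream link and checking each frame against the set of public IPs the firewall is supposed to own. The script below is an added example, not code from the original post: it decodes Ethernet/ARP frames, decides which requests a 1:1-NAT firewall should answer with its own MAC (its own IPs plus the mapped public IPs, i.e. a restricted form of proxy ARP), and flags replies for those IPs that carry a MAC other than the firewall's. The netblock 1.2.3.0/24 is taken from the route in the post; the MAC addresses, the mapped IPs and the sample frames are constructed for the example.

```python
"""Decode ARP frames and audit which ones a 1:1-NAT firewall should answer.

Added example, not from the original mailing-list post.  The netblock comes
from the post's example route; MACs, mapped IPs and frames are constructed.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build an Ethernet II + IPv4 ARP frame.  Used only to construct samples."""
    eth_dst = b"\xff" * 6 if oper == ARP_REQUEST else mac_bytes(tha)
    eth = struct.pack("!6s6sH", eth_dst, mac_bytes(sha), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                      mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "oper": oper,
        "sha": sha.hex(":"), "spa": str(ipaddress.IPv4Address(spa)),
        "tha": tha.hex(":"), "tpa": str(ipaddress.IPv4Address(tpa)),
    }


def should_answer(arp: dict, own_ips: set, binat_ips: set) -> bool:
    """True if the firewall should answer this request with its own MAC.

    This is proxy ARP restricted to the addresses actually in use: the
    firewall's own IPs plus the public IPs it 1:1-NATs, never the whole block.
    """
    if arp["oper"] != ARP_REQUEST:
        return False
    return arp["tpa"] in own_ips or arp["tpa"] in binat_ips


def check_reply(arp: dict, fw_mac: str, own_ips: set, binat_ips: set) -> str:
    """Classify an observed reply: 'ok', 'bogus-mac', 'not-ours' or 'not-a-reply'."""
    if arp["oper"] != ARP_REPLY:
        return "not-a-reply"
    if arp["spa"] not in own_ips and arp["spa"] not in binat_ips:
        return "not-ours"
    return "ok" if arp["sha"].lower() == fw_mac.lower() else "bogus-mac"


def audit(frames, fw_mac: str, own_ips: set, binat_ips: set) -> list:
    """Walk captured frames and return (kind, ip, verdict) per frame."""
    results = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp["oper"] == ARP_REQUEST:
            verdict = "answer" if should_answer(arp, own_ips, binat_ips) else "ignore"
            results.append(("request", arp["tpa"], verdict))
        else:
            results.append(("reply", arp["spa"], check_reply(arp, fw_mac, own_ips, binat_ips)))
    return results


# Constructed sample environment (assumed, not from the post).
FW_MAC = "00:11:22:33:44:55"            # firewall's public-facing MAC
UPSTREAM_MAC = "00:aa:bb:cc:dd:ee"      # the ISP-side router
OWN_IPS = {"1.2.3.4"}                   # firewall's own public IP
BINAT_IPS = {"1.2.3.10", "1.2.3.11"}    # public IPs 1:1-NATed to internal hosts

SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, UPSTREAM_MAC, "1.2.3.1", "00:00:00:00:00:00", "1.2.3.10"),
    build_arp(ARP_REQUEST, UPSTREAM_MAC, "1.2.3.1", "00:00:00:00:00:00", "1.2.3.99"),
    build_arp(ARP_REPLY, FW_MAC, "1.2.3.10", UPSTREAM_MAC, "1.2.3.1"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "1.2.3.11", UPSTREAM_MAC, "1.2.3.1"),
]

if __name__ == "__main__":
    for kind, ip, verdict in audit(SAMPLE_FRAMES, FW_MAC, OWN_IPS, BINAT_IPS):
        print(f"{kind:8} {ip:12} {verdict}")
```

On a real link the frames would come from a pcap of the interface facing the ISP rather than from `SAMPLE_FRAMES`; a `bogus-mac` verdict for a mapped IP is exactly the case the post mentions, and a request that should be answered with no matching `ok` reply is the silent-firewall case.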
