: I have a debian (woody) box acting as router for my network and I am trying : to setup a dmz (210.xxx.xxx.225/29). <routing table snipped> This is a classic case of a breaking a network in two with proxy ARP. You can do this exactly as you indicate (assuming the xxx.xxx numbers are all accurate). : anyway, whenever a request comes in for one of the boxes in the dmz the : gateway box doesn't seem to answer any arp requests for it. So the : connection goes nowhere. How do i fix it? I've tried playing with arp proxy : and manual arp entries to no avail. Do I need to add an extra route? The routes look fine, according to the snipped routing table. There are (at least) two ways to do it. I haven't documented the second way yet...keep looking around but you can read up on one way to do it here (with script and config file): http://plorf.net/linux-ip/html/adv-proxy-arp.htm One thing people frequently forget when using proxy ARP techniques is: the upstream router (here at 210.xxx.xxx.141) needs to have a /30 prefix length and a static route OR the upstream router needs to have a a /29 prefix length, and the proxy ARPing device needs to proxy ARP for the "internal" network I'd recommend using tcpdump on both eth0 and eth2 to determine where the problem is. -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
