Hello,
I have been digging around for a while trying to get a good understanding of
how to configure linux to do proxy arp. I understand the conncept well
(there is lots of info on this), but am struggling to get a clear
understanding of implimenting it on linux.
First question:
Is the following possible, or does the firewall have to have a address on
192.168.1.0/24 network?? My thought was I could add a route on eth0 to the
192.168.1.0/24 network, and a route on eth1 to the host 192.168.1.2 and then
turn on proxy arp.
192.168.1.0/24
|
eth0: 192.168.2.1
Firewall
eth1: 192.168.3.1
|
192.168.1.2
Second question:
I have been using Shorewall as a firewall, and it comes with proxyarp
capability. Here is the working configuration of my firewall using proxy
arp:
192.168.1.0/24
|
eth0: 192.168.1.1
Firewall
eth1: 192.168.3.1
|
192.168.1.2
There are the following routes:
192.168.1.2 dev eth1 scope link
192.168.1.0/24 dev eth0 scope link
This makes sence. Where I am confused is when I check the proxy_arp settings:
[]# cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
0
[]# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
1
[]#
Why is proxy_arp not turned on for eth0?? Every howto I can find says to turn
on proxy_arp for both interfaces.
Thanks for any help.
--
Regards
Joseph Watson
