Hello, I have been digging around for a while trying to get a good understanding of how to configure linux to do proxy arp. I understand the conncept well (there is lots of info on this), but am struggling to get a clear understanding of implimenting it on linux. First question: Is the following possible, or does the firewall have to have a address on 192.168.1.0/24 network?? My thought was I could add a route on eth0 to the 192.168.1.0/24 network, and a route on eth1 to the host 192.168.1.2 and then turn on proxy arp. 192.168.1.0/24 | eth0: 192.168.2.1 Firewall eth1: 192.168.3.1 | 192.168.1.2 Second question: I have been using Shorewall as a firewall, and it comes with proxyarp capability. Here is the working configuration of my firewall using proxy arp: 192.168.1.0/24 | eth0: 192.168.1.1 Firewall eth1: 192.168.3.1 | 192.168.1.2 There are the following routes: 192.168.1.2 dev eth1 scope link 192.168.1.0/24 dev eth0 scope link This makes sence. Where I am confused is when I check the proxy_arp settings: []# cat /proc/sys/net/ipv4/conf/eth0/proxy_arp 0 []# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp 1 []# Why is proxy_arp not turned on for eth0?? Every howto I can find says to turn on proxy_arp for both interfaces. Thanks for any help. -- Regards Joseph Watson