On Saturday May 3 2003 03:33 am, you wrote: > Hi Joseph, > > I took a look more closely at your schema ... > ...snip... > > i'm having a bit of trouble understanding exactly what you're trying to > achieve here. Well let me try to explain a different way. Lets say I have a working network with servers providing web pages, dns, mail, etc.... Now I want to put all the servers behind a firewall and not have to change my network around by subneting or masqerating. So proxy_arp fits the picture well, all I may have to do is flush arp cache or wait for a timeout. I did this using shorewall, and it is working great. Now my question: In my current setup, my firewall has a address on my public network (the same network as my servers). Is it possable to set up proxy_arp so that the proxy_arp-firewall does not have a identity on the public network? This would make it transparent and a little more secure because there would be no possible way for someone to try to access the firewall directly?? ..snip... > > 192.168.1.0/24 dev eth0 scope link > 192.168.3.0/24 dev eth1 scope link > 127.0.0.0/8 dev lo scope link > > your routing table is missing localhost, or did you <snip> it? check. > I did snip out all but the routes that pertained to proxy_arp setup :) -- Regards Joseph Watson