Hello,

I'm working on setting up a firewall for my local LAN. We will be using VoIP applications extensively, so ip-masquerading unfortunately won't cut it. So I'm trying to figure out how to set up a firewall. I have 30 external (real) IPs, and about 25 client machines. So our ISP doesn't have to get involved, I figured I would use proxy arp to take care of incoming packets, and NAT for outgoing.

Here is what I'm doing in regards to proxy arp:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
    arp -Ds 207.102.201.189 eth1 pub -v

    [root@firewall /root]# arp -an
    ? (207.102.201.189) at * PERM PUP on eth1
    [root@firewall /root]# cat /proc/net/arp
    207.102.201.189 0x1 0xc 00:00:00:00:00:00 * eth1

This is weird: even though I specify the MAC address I want to use for arp replies, it doesn't record this MAC address anywhere, it seems.

When I go to a client machine and try to ping 207.102.201.189, then check the arp table on that client,

    207.102.201.189 00-d0-b7-74-52-57 dynamic

I get the MAC address of eth0 on my firewall box. (It should be the MAC address of eth1 on the firewall.. [external interface])

This also seems to be the same for any IP I throw at it in the same subnet, i.e.:

    207.102.201.161 00-d0-b7-74-52-57 dynamic

It makes no difference if I manually set arp table entries or not; it always replies with the MAC address of eth0 on the firewall.

Anyone know how I can change this so it's replying with any MAC address I specify, or at least the MAC address of eth1 like it's supposed to?
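
Added example, not part of the original message: a small shell decoder for the /proc/net/arp line quoted above, using the ATF_* flag bits from <linux/if_arp.h>. It shows that flags 0xc mean a permanent, published (proxy) entry; the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode data lines of /proc/net/arp.
# Columns: IP address, HW type, Flags, HW address, Mask, Device.
# Flag bits are the ATF_* constants from <linux/if_arp.h>.

decode_arp_flags() {
    flags=$(( $1 ))          # accepts hex such as 0xc
    out=""
    if [ $(( flags & 0x02 )) -ne 0 ]; then out="$out COMPLETE"; fi    # ATF_COM
    if [ $(( flags & 0x04 )) -ne 0 ]; then out="$out PERM"; fi        # ATF_PERM
    if [ $(( flags & 0x08 )) -ne 0 ]; then out="$out PUBLISHED"; fi   # ATF_PUBL
    if [ $(( flags & 0x40 )) -ne 0 ]; then out="$out DONTPUB"; fi     # ATF_DONTPUB
    echo "${out# }"
}

decode_arp_line() {
    # read splits fields without glob-expanding the "*" in the Mask column
    read -r ip hwtype flagword hwaddr mask dev <<EOF
$1
EOF
    case "$hwtype" in
        0x1) hw="ether" ;;
        *)   hw="type:$hwtype" ;;
    esac
    names=$(decode_arp_flags "$flagword")
    case " $names " in
        *" PUBLISHED "*) kind="proxy" ;;       # entry the host answers ARP for
        *)               kind="neighbour" ;;   # ordinary learned/static entry
    esac
    echo "$ip dev=$dev hw=$hw flags=[$names] mac=$hwaddr kind=$kind"
}

decode_arp_table() {
    # Reads /proc/net/arp-style text on stdin, skipping the header line
    while IFS= read -r line; do
        case "$line" in
            "IP address"*|"") continue ;;
        esac
        decode_arp_line "$line"
    done
}

# First data line is the one quoted in the message; the second is constructed.
decode_arp_table <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
207.102.201.189 0x1 0xc 00:00:00:00:00:00 * eth1
192.0.2.10 0x1 0x2 52:54:00:12:34:56 * eth0
EOF
```

On a live system the same function can be fed directly: decode_arp_table < /proc/net/arp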