Re: NAT on stateless firewall ?

Florin Andrei wrote:
> Grant Taylor wrote:
>
>> Dare I ask why you are wanting to use Proxy ARP?
>
> Well, it's required by DNAT, isn't it?

No it's not. Proxy ARP may be useful as a workaround for broken routing setups, when the source host thinks the destination host is on the same link but actually it is behind a router.

[...]
> To make proxy ARP work with DNAT, an IP alias must be created on the external interface, with the public IP address of the machine behind the firewall.

If you do that you do not need proxy ARP.

> It's not even necessary to play with proxy_arp in /proc. Just the IP alias and DNAT.

Right. I guess another way would have been to add a route to the virtual public IP addresses pool and enable proxy ARP (not tested though).


