Hi Jesse,

* Jesse Molina

> What else is there? Loop interfaces with proxy arping? I've been
> reading about some functionality for NAT in the ip tool (ip route add
> nat ...) but it looks deprecated. There also seems to be something
> like "ip rule add nat ..." but I've not figured that out yet. I had
> read somewhere that "ip route add nat ..." specifically would arp for
> the translated address, but again, the man page says that's deprecated
> in the 2.6 kernel.

I'd simply route the IP addresses used for NAT to your Linux-based firewall, if I were you. That way you'll only need a /30 link network to be used on the public interface, while the addresses used for NAT do not have to be local to the firewall in any way. As an added bonus you'll get less ARP traffic on the public interface, as the upstream router only needs to learn the L2-address of the next-hop router (your firewall, that is).

BR,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
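The routed layout described in the reply above, as an added example that is not part of the original message: the script prints the commands for review rather than running them, and refuses a NAT address that sits inside the /30 link network, since the upstream router would ARP for it instead of forwarding it to the firewall. All addresses (RFC 5737 documentation ranges), the interface name and the Linux-style upstream route are assumptions.

```shell
#!/bin/sh
# Constructed sample values, not taken from the original mail.
LINK_FW=192.0.2.2          # firewall's address on the /30 link network
LINK_PREFIX=30
NAT_POOL=198.51.100.0/28   # public addresses used for NAT, routed to the firewall
WAN_IF=eth0                # hypothetical public interface name

# Convert a dotted quad to an integer so prefixes can be compared.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if address $1 lies inside the link network (upstream would ARP for it).
on_link() {
    mask=$(( (0xFFFFFFFF << (32 - LINK_PREFIX)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$LINK_FW") & mask )) ]
}

# Upstream router: one static route, next hop is the firewall.
# It only ever resolves the L2 address of LINK_FW.
upstream_plan() {
    echo "ip route add $NAT_POOL via $LINK_FW"
}

# Firewall: only the link address is configured locally; the NAT address
# appears in the nat table rules and on no interface.
# Arguments: public_ip internal_ip
firewall_plan() {
    if on_link "$1"; then
        echo "refusing $1: inside the link network, not routed" >&2
        return 1
    fi
    echo "ip addr add $LINK_FW/$LINK_PREFIX dev $WAN_IF"
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $1 -j DNAT --to-destination $2"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $2 -j SNAT --to-source $1"
}

# Print the plan for one constructed 1:1 mapping.
upstream_plan
firewall_plan 198.51.100.5 10.0.0.5
```
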