Hi,

Proxy-arp decides if a response is going to be sent based on a route lookup. This lookup takes rules added with ip rule for policy routing into account. For example if a rule is present saying that all traffic coming in on interface eth1 should be routed using table 10, proxy-arp will look in this table.

However, basing the policy routing on input interface is a bit cumbersome in this case. I would like to use nfmark instead (which we use for the other traffic). Is it possible in some way to have an nfmark apply for an arp packet?

My problem is that the proxy-arp causes the router to answer gratuitous arp requests, causing the client to complain about ip-conflict, because the host route for the client is in table X while proxy-arp will currently look in the default route table.

Adding an individual ip rule for each client seems overkill and probably bad for performance. Currently we use arptables to block the problematic and unneeded arp replies, but it seems a cleaner solution would be to have proxy-arp actually look in the right table, if possible.

/Oskar