Re: Selective proxy ARP

On 13 Jul 2016, at 01:31, John Lauro <johnalauro@xxxxxxxxx> wrote:

> Assuming you want the whole /24...
> 
> for h in `seq 1 254` ; do arp -i eth0 -Ds 192.0.200.$h eth0 pub ; done

Actually just the two addresses, but that looks good for IPv4. Thanks.

> (Well, replace the two eth0 with bond0 in your case, although I would probably tie the vms to another nic or loopback interface and route instead of bridge even if you had to appear as layer 2 to the DC)
> 
> I know, this is the proxy arp that you wanted to avoid, but not sure why you think some sort of masquerade arp would be better than routing / proxy arp?

I can't influence the routing (that's on the DC side).

If I use proxy arp and have another interface of 10.10.10.1/24 (for example) proxy arp will ARP for anything in that range (as I understand it). I only want to proxy arp for specific IPs.

> You would need some sort of ebtables rule to ensure you didn't leak any arp out the virtual machine mac addresses if you do this on l2 instead of l3. Keep to l3 for the vms behind the host and it's a non issue.

The L2 segment is only inside my VM (bond0 is not on br0) so that should be ok.

-- 
Alex Bligh
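
Per-address published entries as discussed in this thread, as an added example that is not part of the original messages: it generalizes the quoted one-liner from the whole /24 to an explicit address list, validates each address first, and warns when interface-wide proxy ARP is also enabled. The two sample addresses, the `APPLY` and `PROC_ROOT` variables and the function names are assumptions; `bond0` is the interface named in the thread.

```shell
#!/bin/sh
# Added example: publish proxy-ARP entries for an explicit address list only.
# Dry run by default (prints commands); APPLY=1 (hypothetical switch) runs them.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# True if interface-wide proxy ARP is enabled on $1, in which case the kernel
# may also answer for addresses outside the list. PROC_ROOT is a test override.
blanket_proxy_arp_on() {
    f="${PROC_ROOT:-/proc}/sys/net/ipv4/conf/$1/proxy_arp"
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# publish_proxy_arp IFACE ADDR...
publish_proxy_arp() {
    [ $# -ge 2 ] || { echo "usage: publish_proxy_arp IFACE ADDR..." >&2; return 2; }
    iface=$1; shift
    case $iface in *[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    # Validate everything first so a typo cannot leave a half-applied list.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    if blanket_proxy_arp_on "$iface"; then
        echo "warning: proxy_arp=1 on $iface, replies are not limited to this list" >&2
    fi
    for ip in "$@"; do
        # Same form as the thread's one-liner; -D takes the MAC from $iface.
        if [ "${APPLY:-0}" = 1 ]; then
            arp -i "$iface" -Ds "$ip" "$iface" pub || return 1
        else
            echo "arp -i $iface -Ds $ip $iface pub"
        fi
    done
}

# Constructed sample addresses; the thread does not say which two are needed.
publish_proxy_arp bond0 192.0.200.10 192.0.200.11
```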



