Arp problem

Jeff Odegard Jeff@DigitalDefense.net
Tue, 27 Jun 2000 10:26:49 -0500


I checked the HOWTOs and mailing list, but couldn't find an answer.
Sorry if this is a re-hash of an old problem.

I am running linux-2.4.0-test2 and iptables-1.1.0 on a fresh RedHat 6.2
install.  I'm trying to do Source NAT for a range of IP addresses and
can't get it to work for addresses not set up on the system.  In the lab
I have this set up

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s <internal network>/24 -j SNAT --to <EXT_IP1>-<EXT_IPn>

eth0 is EXT_IP1.  IPs 2 through n are unused on the network.  I send
pings from a test host on the inside to a test host on the outside.  The
outside host sees the echo requests with the correct source addresses,
does an arp_who_has for the source IP, but only gets a response from the
firewall for EXT_IP1.  The firewall doesn't do arp replies for the other
SNAT'ed addresses.

I can make it work using ip aliasing on eth0, but that would require me
to set up an alias for each masqueraded IP and that seems like a kludge.
I also looked into proxy_arp, but couldn't get it to work.

Does anyone have an idea what I'm missing? Thanks for your help.



Jeff A. Odegard
www.digitaldefense.net

List admin:  I am subscribed under a company mailing list account.
Thanks!
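Added example, not part of Jeff's post: a small POSIX shell script that generates the SNAT rule from the message together with one proxy-ARP entry per pool address, which is what makes the firewall answer "who-has" for addresses it does not own. The interface, internal network and pool addresses are hypothetical placeholders (203.0.113.x is a documentation range); the pool is assumed to stay within one /24. Using `ip neigh add proxy` instead of an alias per address is the alternative to the aliasing kludge mentioned in the post; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the iptables SNAT rule
# and the per-address proxy-ARP entries for a range-based SNAT pool.
# Assumption: the pool lies within a single /24. Values below are placeholders.

EXT_IF=eth0                 # hypothetical external interface
INT_NET=192.168.1.0/24      # hypothetical internal network
POOL_FIRST=203.0.113.10     # hypothetical first pool address
POOL_LAST=203.0.113.14      # hypothetical last pool address

# expand_pool FIRST LAST: print every address from FIRST to LAST, one per line.
# Fails if the two addresses are not in the same /24.
expand_pool() {
  prefix=${1%.*}
  lo=${1##*.}
  hi=${2##*.}
  [ "${2%.*}" = "$prefix" ] || { echo "pool must stay inside one /24" >&2; return 1; }
  i=$lo
  while [ "$i" -le "$hi" ]; do
    echo "$prefix.$i"
    i=$((i + 1))
  done
}

# gen_commands: emit the SNAT rule plus one proxy-ARP entry per pool address.
# The SNAT rule on its own reproduces the symptom in the post: translated
# packets leave, but ARP requests for the unowned pool addresses go unanswered,
# so return traffic never reaches the firewall.
gen_commands() {
  echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j SNAT --to $POOL_FIRST-$POOL_LAST"
  for ip in $(expand_pool "$POOL_FIRST" "$POOL_LAST"); do
    # Publish a proxy-ARP entry so the kernel replies to "who-has $ip" on EXT_IF.
    echo "ip neigh add proxy $ip dev $EXT_IF"
  done
}

# Print the commands for review; pipe the output to sh as root once checked.
gen_commands
```

The generated `ip neigh` lines can be listed afterwards with `ip neigh show proxy`, and a packet capture on the external segment should then show ARP replies for every pool address, not only for EXT_IP1.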