Arp problem

Rusty Russell rusty@linuxcare.com.au
Wed, 28 Jun 2000 16:40:19 +1000


In message <2175AA14AAC7D31186370080AD3ADF0D030B27@EXCHANGE> you write:
> I checked the HOWTO's and mailing list, but couldn't find an answer.
> Sorry if this is a re-hash of an old problem.
> 
> I am running linux-2.4.0-test2 and iptables-1.1.0 on a fresh RedHat 6.2
> install.  I'm trying to do Source NAT for a range of IP addresses and
> can't get it to work for addresses not set up on the system.  In the lab
> I have this set up
> 
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -s <internal network>/24 -j SNAT --to <EXT_IP1>-<EXT_IPn>
> 
> eth0 is EXT_IP1.  IPs 2 through n are unused on the network.  I send
> pings from a test host on the inside to a test host on the outside.  The
> outside host sees the echo requests with the correct source addresses,
> does an arp_who_has for the source IP, but only gets a response from the
> firewall for EXT_IP1.  The firewall doesn't do arp replies for the other
> SNAT'ed addresses.

You need to convince everyone to route those addresses to you.  In
your case this means proxy arp, or adding those interfaces as aliases.

Rusty.
--
Hacking time.
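The fix Rusty describes, as an added example that is not part of the original thread: a POSIX shell script that expands the SNAT pool into individual addresses and emits, beside the SNAT rule, either an `ip addr add` alias or a published (proxy) ARP entry for each address, so the firewall's kernel answers ARP for every address the pool can hand out. The interface name, the network 10.0.0.0/24 and the pool 192.0.2.1-192.0.2.4 are constructed sample values; the first address of the pool is assumed to be the interface's primary address already, as in the post, and is skipped.

```shell
#!/bin/sh
# Added example (not from the original post): make the firewall own every
# address in a SNAT range so that neighbours' ARP requests get answered.

# Dotted quad -> integer, so a range can be walked with a counter.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the commands that set up SNAT to a range and publish each address.
#   $1 external interface   $2 internal network (CIDR)
#   $3 first external IP    $4 last external IP
#   $5 "alias" (ip addr add, default) or "proxyarp" (arp -Ds ... pub)
# The first address ($3) is assumed to be the interface's primary address
# already (EXT_IP1 in the post) and is not added again.
gen_snat_range() {
    iface=$1; inside=$2; first=$(ip2int "$3"); last=$(ip2int "$4"); mode=${5:-alias}
    [ "$first" -le "$last" ] || return 1
    # The post's iptables 1.1.0 spelled this --to; modern iptables calls it --to-source.
    echo "iptables -t nat -A POSTROUTING -o $iface -s $inside -j SNAT --to $3-$4"
    i=$((first + 1))
    while [ "$i" -le "$last" ]; do
        addr=$(int2ip "$i")
        case $mode in
            # Secondary address: the kernel answers ARP for it like any local address.
            alias)    echo "ip addr add $addr/32 dev $iface" ;;
            # Published ARP entry using the interface's own hardware address.
            proxyarp) echo "arp -i $iface -Ds $addr $iface pub" ;;
            *)        return 1 ;;
        esac
        i=$((i + 1))
    done
}

# Usage (constructed values):
#   gen_snat_range eth0 10.0.0.0/24 192.0.2.1 192.0.2.4            # print the plan
#   gen_snat_range eth0 10.0.0.0/24 192.0.2.1 192.0.2.4 | sh       # apply as root
#   gen_snat_range eth0 10.0.0.0/24 192.0.2.1 192.0.2.4 proxyarp   # proxy-ARP variant
```

After applying, `ip addr show eth0` lists the added addresses, and `arping` from the outside test host for any address in the pool should now be answered with the firewall's MAC rather than timing out.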