Arp problem
Jeff Odegard
Jeff@DigitalDefense.net
Wed, 28 Jun 2000 08:54:57 -0500
I ended up using IP aliases to fix it and it works fine.
A note about this should probably be added to the HOWTO under section
6.1 Source NAT.
Thanks again to everyone for their help.
-----Original Message-----
From: Rusty Russell [mailto:rusty@linuxcare.com.au]
Sent: Wednesday, June 28, 2000 1:40 AM
To: Jeff@DigitalDefense.net
Cc: Multiple recipients of list NETFILTER
Subject: Re: Arp problem
In message <2175AA14AAC7D31186370080AD3ADF0D030B27@EXCHANGE> you write:
> I checked the HOWTO's and mailing list, but couldn't find an answer.
> Sorry if this is a re-hash of an old problem.
>
> I am running linux-2.4.0-test2 and iptables-1.1.0 on a fresh RedHat 6.2
> install. I'm trying to do Source NAT for a range of IP addresses and
> can't get it to work for addresses not set up on the system. In the lab
> I have this set up
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -s <internal network>/24 -j SNAT --to <EXT_IP1>-<EXT_IPn>
>
> eth0 is EXT_IP1. IP's 2 through n are unused on the network. I send
> pings from a test host on the inside to a test host on the outside. The
> outside host sees the echo requests with the correct source addresses,
> does an arp_who_has for the source IP, but only gets a response from the
> firewall for EXT_IP1. The firewall doesn't do arp replies for the other
> SNAT'ed addresses.
You need to convince everyone to route those addresses to you. In
your case this means proxy arp, or adding those interfaces as aliases.
Rusty.
--
Hacking time.
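
The alias fix discussed in this thread, as an added example that is not part of the original messages: a shell check that walks an SNAT --to range and prints an alias command for every address the firewall does not yet own (and so will not answer ARP for). The function names, the 192.0.2.x addresses and the use of iproute2's "ip addr add" with a /32 prefix are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses below are constructed
# documentation addresses; the helper names are hypothetical.

# ip_to_int A.B.C.D -> 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# int_to_ip N -> dotted quad on stdout
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# missing_snat_aliases FIRST LAST DEV "CONFIGURED ADDRS"
# Prints one "ip addr add" line for each address in FIRST..LAST that is
# absent from the space-separated list of addresses already on DEV.
# On a live system that list could come from:
#   ip -4 -o addr show dev eth0 | awk '{print $4}' | cut -d/ -f1
missing_snat_aliases() {
    first=$(ip_to_int "$1"); last=$(ip_to_int "$2"); dev=$3; have=" $4 "
    [ "$first" -le "$last" ] || { echo "bad range: $1-$2" >&2; return 1; }
    n=$first
    while [ "$n" -le "$last" ]; do
        addr=$(int_to_ip "$n")
        case $have in
            *" $addr "*) ;;        # already local: ARP is answered for it
            *) echo "ip addr add $addr/32 dev $dev" ;;
        esac
        n=$((n + 1))
    done
}

# Constructed case matching the thread: only EXT_IP1 is configured on eth0,
# the SNAT range runs from EXT_IP1 to EXT_IPn.
missing_snat_aliases 192.0.2.10 192.0.2.13 eth0 "192.0.2.10"
```

The output is a dry run: review the printed commands and run them as root, or use proxy ARP instead, as the reply suggests.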