This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNAT/DNAT and ARP

hi aslers,

i have ad question concerning NAT and ARP queries:

i like to make DNAT and want to use a external, official ip address out of the network of my external interface. (213.61.xxx.0/27).
Router: 213.61.xxx.1
asl: 213.61.xxx.2
new nat address: 213.61.xxx.10

so traffic to 213.61.xxx.10 should be redirected to an internal client (10.10.10.xxx).

i saw the router arping for 213.61.xxx.10. but the firewall did not answer these queries.
do i have to add a static arp entry to my firewalls arp table or should i enabel proxy arp on my external interface ?

thanxs,

GNJB

This thread was automatically locked due to age.

Parents

0 cyclops over 21 years ago

gnujuba,

if you want to hide your servers behind NAT you'd have to add the official IP adresses as additional adresses to the external interface (32 bit mask, no default gateway)

WebAdmin:Network/Interfaces -> eth(x) type 'additional address on etherenet interface'.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 cyclops over 21 years ago

gnujuba,

if you want to hide your servers behind NAT you'd have to add the official IP adresses as additional adresses to the external interface (32 bit mask, no default gateway)

WebAdmin:Network/Interfaces -> eth(x) type 'additional address on etherenet interface'.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 gnujuba over 21 years ago in reply to cyclops

is this the best solution ?
i would prefer a static arp entry or something like that rather than reconfiguring my external interface each time i setup an dnat/snat rule.

any ideas ?

gnjb
Cancel
Vote Up 0 Vote Down

Cancel