Proxy ARP for the purpose of NAT?

Jan Kasprzak kas at informatics.muni.cz
Tuesday December 4 16:17:29 CET 2001


	I have a problem with proxy ARP. The situation:

---[gw]---------[fw]---------[server]
1.2.3.1/29  1.2.3.2/29      10.0.0.2/24
            10.0.0.1/24

The goal is for some service (say http/tcp) on the server "server" to be
reachable from outside at the address http://1.2.3.3/, with "fw" doing the
address translation. I expected that on "fw" it would be enough to run

arp -i eth0 -s 1.2.3.3 0:1:2:3:4:5 pub

(where eth0 is the interface facing gw and 0:1:2:3:4:5 is the MAC address of eth0)
and then

iptables -t nat -A PREROUTING -d 1.2.3.3 -j DNAT --to-destination 10.0.0.2

The problem is that "fw" does not answer the ARP queries from the router "gw",
which asks for 1.2.3.3. In the manual page for arp(8) I found that:

       -i If, --device If
              Select an interface. When  dumping  the  ARP  cache
              only  entries matching the specified interface will
              be printed. When setting a permanent  or  temp  ARP
              entry  this  interface  will be associated with the
              entry; if this option is not used, the kernel  will
              guess  based  on the routing table. For pub entries
              the specified interface is the interface  on  which
              ARP requests will be answered.
              NOTE:  This  has to be different from the interface
              to which the IP datagrams will be routed.

	That "NOTE" puzzles me. Why should ARP care about which interface
the request comes from?

	If, instead of proxy ARP, I do something like
ifconfig eth0:0 1.2.3.3 ... on "fw", it starts answering the ARP queries.

	Why does proxy ARP behave this way?

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/   Czech Linux Homepage: http://www.linux.cz/ |
Having your own personal custom language dialect might be tempting but it is
normally something only the lisp community do.                    (Alan Cox)
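
The condition in the quoted arp(8) NOTE, applied to the topology in the message above, as an added example that is not part of the original post and is not kernel code. It is a simplified model of that one rule only; the inner interface name eth1 and the function names are assumptions.

```python
import ipaddress

# Constructed model of "fw" from the post. eth1 (towards "server") is an assumed name.
ROUTES = [("1.2.3.0/29", "eth0"), ("10.0.0.0/24", "eth1")]  # connected routes
LOCAL = {"1.2.3.2": "eth0", "10.0.0.1": "eth1"}             # addresses owned by fw
PUB = {("1.2.3.3", "eth0")}      # models: arp -i eth0 -s 1.2.3.3 0:1:2:3:4:5 pub


def route_dev(target, routes):
    """Longest-prefix match; return the outgoing interface or None."""
    ip = ipaddress.ip_address(target)
    hits = []
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            hits.append((net.prefixlen, dev))
    return max(hits)[1] if hits else None


def arp_reply(target, in_dev, routes=ROUTES, local=LOCAL, pub=PUB):
    """Return (answers, reason) for an ARP request for target seen on in_dev."""
    if target in local:
        # An address configured on the host (e.g. an eth0:0 alias) is answered
        # as the host's own address; no proxy logic is involved.
        return True, "local address"
    if (target, in_dev) not in pub:
        return False, "no pub entry on this interface"
    out_dev = route_dev(target, routes)
    if out_dev is None:
        return False, "no route to target"
    if out_dev == in_dev:
        # The NOTE: the pub interface has to differ from the interface
        # to which datagrams for the target are routed.
        return False, "routed out the interface the request arrived on"
    return True, "proxy reply"


if __name__ == "__main__":
    # 1. Setup from the post: 1.2.3.3 lies inside 1.2.3.0/29, routed via eth0.
    print(arp_reply("1.2.3.3", "eth0"))
    # 2. The eth0:0 alias from the post makes 1.2.3.3 a local address.
    print(arp_reply("1.2.3.3", "eth0", local={**LOCAL, "1.2.3.3": "eth0"}))
    # 3. Assumed variant: a host route sends 1.2.3.3 out of eth1 instead.
    print(arp_reply("1.2.3.3", "eth0", routes=ROUTES + [("1.2.3.3/32", "eth1")]))
```

In this model the pub entry from the post goes unanswered because the connected /29 route sends 1.2.3.3 back out of eth0, while the alias case is answered without consulting the pub table at all.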

