On Fri, 19 Oct 2001, Matthew G. Marsh wrote:
> Do not use coloned interfaces. Deprecated. Should be removed already.
> Instead use:
>
> ip addr add ${IP3}/32 dev eth0
>
> Then arp will work correctly and so will the following NAT.
Thank you! I still worry about having an interface with $IP3's number
on the firewall.
> > iptables -A PREROUTING -t nat -d $IP3 -j DNAT --to 10.10.10.191
> > iptables -A POSTROUTING -t nat -s 10.10.10.191 -j SNAT --to-source $IP3
> >
> > This is the only way I can see of getting arp replies to be sent, and
> > it looks evil.
>
> Must be so. You are _not_ doing proxy arp. Proxy arp would be if you
> actually had one of the customers machines assigned the 2.2.2.3 address
> for real.
'arp -s' doesn't seem to do anything useful anymore, does it?
> > In short, is this a bug? Or am I doing something wrong?
>
> Not a bug. ;-} Definitions are exact. Proxy arp is for a machine that
> exists and has address assigned. 1-2-1 NAT is for case you are doing.
Where can I find more information on one-to-one NAT?
--
Charles Howes -- chowes@xxxxxxxx
"The personal computer allows you to make more mistakes faster than
any other invention in human history, with the possible exceptions of
handguns and tequila."
(It's the mistakes made with handguns, computers *and* tequila that
are really spectacular!)
|