From: Martijn Lievaart
Subject: Re: NAT on stateless firewall ?
Date: Sun, 05 Aug 2007 22:16:10 +0200
Message-ID: <46B6300A.7020404@rtij.nl>
To: gtaylor+reply@riverviewtech.net
Cc: netfilter@lists.netfilter.org

Grant Taylor wrote:
> On 08/03/07 14:56, Florin Andrei wrote:
>
>> arp -s XXX.YYY.ZZZ.KKK -i eth0 -D eth0 pub
>>
>
> Remember that ARP (cache) entries are just to tell a host where (what
> MAC) an IP address (on the same subnet) is at so that the local host
> does not have to ARP for it.
>
>
>> I tested it, but it doesn't seem to work. I see the ARP requests, but
>> the server does not respond to it.
>>
>
> Just because traffic may be coming to the correct MAC address, there is
> no guarantee that anything will be listening or responding at that MAC
> address for the IP address in question. You would actually have to bind
> the IP to the MAC for anything of value to happen outside of sniffing.
>

I remember using this with host routes. The ARP makes the packet arrive, routing gets it to its destination. I'm actually surprised the above does not work. Unfortunately I currently have no setup to test this. Can anyone explain why it doesn't work?

M4