From: Tore Anderson <tore.anderson@redpill-linpro.com>
To: Jesse Molina <jesse@opendreams.net>
Cc: netfilter@vger.kernel.org
Subject: Re: How do we arp for NAT? Secondary IPs, proxy arp? something else?
Date: Sun, 24 May 2009 13:19:20 +0200
Message-ID: <4A192D38.90008@redpill-linpro.com>
In-Reply-To: <4A19235F.4070306@opendreams.net>
Hi Jesse,
* Jesse Molina
> What else is there? Loop interfaces with proxy arping? I've been
> reading about some functionality for NAT in the ip tool (ip route add
> nat ...) but it looks deprecated. There also seems to be something
> like "ip rule add nat ..." but I've not figured that out yet. I had
> read somewhere that "ip route add nat ..." specifically would arp for
> the translated address, but again, the man page says that's deprecated
> in the 2.6 kernel.
I'd simply route the IP addresses used for NAT to your Linux-based
firewall, if I were you. That way you'll only need a /30 link network
to be used on the public interface, while the addresses used for NAT do
not have to be local to the firewall in any way. As an added bonus
you'll get less ARP traffic on the public interface, as the upstream
router only needs to learn the L2-address of the next-hop router (your
firewall, that is).
BR,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
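
The routed design suggested in the message above, as an added example that is not part of the original e-mail. All addresses, the interface name and the helper functions are constructed assumptions; the script only prints the commands and classifies an address as reached by ARP (inside the link network) or by routing (inside the NAT pool).

```shell
#!/bin/sh
# All values below are constructed (RFC 5737 / RFC 1918 ranges).
LINK_NET=192.0.2.0/30       # /30 link network: upstream .1, firewall .2
FW_IP=192.0.2.2             # firewall's only address on the public interface
NAT_POOL=198.51.100.0/28    # NAT addresses, routed to FW_IP by the upstream
WAN_IF=eth0                 # assumed name of the public interface

# ip2int A.B.C.D: convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR CIDR: succeed if ADDR lies inside CIDR.
in_net() {
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# reach_mode ADDR: "arp" if the upstream sees ADDR as on-link (it will ARP
# for it, so the firewall must answer), "routed" if ADDR is in the NAT pool
# (the upstream only ARPs for FW_IP), "unrouted" otherwise.
reach_mode() {
    if in_net "$1" "$LINK_NET"; then echo arp
    elif in_net "$1" "$NAT_POOL"; then echo routed
    else echo unrouted; fi
}

# plan PUBLIC PRIVATE: print (not run) the commands for one 1:1 mapping.
# No address from NAT_POOL is configured on any firewall interface.
plan() {
    [ "$(reach_mode "$1")" = routed ] || { echo "$1 not in $NAT_POOL" >&2; return 1; }
    echo "ip route add $NAT_POOL via $FW_IP    # on the upstream router"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $1 -j DNAT --to-destination $2"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $2 -j SNAT --to-source $1"
}

plan 198.51.100.5 10.0.0.5
```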