You don't need to activate proxy arp, but you do need to add firewall
rules just like anything else you NAT.
I personally prefer using 1:1 NAT with proxy arp, as you do not have to
NAT individual ports once that is configured, just create rules in the
firewall. However, this is really only ideal if you want to map a single
WAN address to a single server, not for NATing a public IP to several
Often times ISPs will not update the ARP caches on their routers as
often as you might like them to, so you might have to power cycle any
CSU/DSU/ISP-owned-equipment, or call them and have them clear the ARP
cache on their upstream router. If the ARP cache is stale you won't
properly be able to associate these other public IP addresses with your
From: Donnie Crump [mailto:info at agarin dot com]
Sent: Monday, August 01, 2005 4:41 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Is my Proxy ARP working?
I can't seem to get this to work.
Here is my setup.
I talked to my ISP and they said I have to ARP out any IP address I want
to use with a piece of hardware.
I plugged in the other static IPs under the Server NAT and under the
Proxy ARP screens.
Do I need to add a rule under the firewall for Proxy ARP? If so what
should it look like?
Do I need to enable Proxy ARP anywhere? Or is it on by default? If so
where is the setting?