Earl Cliffson wrote:
> Can someone explain the difference between IP aliasing
> and proxy ARP to me? Or, put another way, if we
> didn't have proxy ARP before, how did the ISP do its
Put simply, the main difference is that m0n0wall no longer thinks that
the IP addresses which were used in 1:1 and server NAT mappings are
actually its own. The ARP replies it sends in response to queries for
these IP addresses are the same in pb27 if proxy ARP is enabled. It
works both ways as far as 1:1 NAT is concerned, but IP aliasing becomes
impractical if large subnets have to be aliased (you cannot tell BSD to
alias a whole range of IP addresses) - with a userland proxy ARP daemon
(choparp) that's no problem. This is an important prerequisite for 1:1
NAT with entire subnets in pb27...
> Currently I have a publicly routable subnet of
> aaa.bbb.ccc.88 - 95.
> .88 is the network address
> .89 is a gateway address that sits at my ISP. (it is
> the other end of my DSL line.)
> .90 is my m0n0wall WAN IP
> .91 - 94 are 1:1 NATted to private space on my DMZ.
> The 1:1 NAT causes the automatic IP aliasing, so that
> .91-.94 appear to be on the WAN along with .90.
> It all works great. How does my ISP know to route
> like this without proxy ARP already in place? Will I
Up to and including pb26, m0n0wall automatically added IP aliases to the
WAN interface for 1:1 NAT entries, causing the underlying operating
system to respond to ARP queries for these addresses (hence telling your
ISP's router where to send packets for e.g. aaa.bbb.ccc.91) - same
behavior as with proxy ARP in pb27. Since not all people need/want this
(you obviously do though), the aliasing has been removed, and proxy ARP
is now there to do the job for those who need it.
> need to change this in the pb27 version?
Yes. Add separate proxy ARP entries for .91 to .94 (/32 each).
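
The following is an added example, not part of the original message and not m0n0wall code: a sanity check for a list of proxy ARP entries like the one recommended above, confirming that every 1:1 NAT address is answered for and that no entry also covers the ISP gateway, the firewall's own WAN IP, or the network/broadcast address. The function name `check_proxy_arp` is hypothetical, and 203.0.113.88/29 is a constructed stand-in for aaa.bbb.ccc.88 - 95.

```python
import ipaddress

def check_proxy_arp(wan_net, wan_ip, gateway, nat_externals, proxy_entries):
    """Return a list of problems with a proxy ARP entry list (empty list = OK).
    Hypothetical helper for illustration; not part of m0n0wall."""
    net = ipaddress.ip_network(wan_net)
    wan, gw = ipaddress.ip_address(wan_ip), ipaddress.ip_address(gateway)
    mapped = {ipaddress.ip_address(a) for a in nat_externals}
    reserved = {wan, gw, net.network_address, net.broadcast_address}
    problems, answered = [], set()
    for entry in map(ipaddress.ip_network, proxy_entries):
        if not entry.subnet_of(net):
            problems.append(f"{entry}: outside WAN subnet {net}")
            continue
        # Answering ARP for these addresses would disrupt the WAN segment.
        if gw in entry:
            problems.append(f"{entry}: covers ISP gateway {gw}")
        if wan in entry:
            problems.append(f"{entry}: covers firewall WAN IP {wan}")
        if net.network_address in entry or net.broadcast_address in entry:
            problems.append(f"{entry}: covers network/broadcast address")
        answered.update(entry)
    # Each 1:1 NAT external address needs something to answer ARP for it.
    for ip in sorted(mapped - answered):
        problems.append(f"{ip}: 1:1 NAT address has no proxy ARP entry")
    # ARP is answered, but no NAT mapping forwards the traffic anywhere.
    for ip in sorted(answered - mapped - reserved):
        problems.append(f"{ip}: proxy ARP entry without a NAT mapping")
    return problems

# Constructed sample data standing in for aaa.bbb.ccc.88 - 95.
WAN_NET, WAN_IP, GATEWAY = "203.0.113.88/29", "203.0.113.90", "203.0.113.89"
NAT_EXTERNALS = [f"203.0.113.{n}" for n in range(91, 95)]
GOOD = [f"{a}/32" for a in NAT_EXTERNALS]          # .91 to .94, /32 each
BAD = ["203.0.113.88/30", "203.0.113.92/31"]       # too broad, and misses .94

if __name__ == "__main__":
    for name, entries in (("good", GOOD), ("bad", BAD)):
        print(name, check_proxy_arp(WAN_NET, WAN_IP, GATEWAY, NAT_EXTERNALS, entries))
```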