My firewall is currently a linux box running shorewall, with WAN, LAN, and
DMZ ports. I have a handful of IPs, but being that my network is not
routed, I am using proxy arp. Everything is running great.
Firewall IP: xxx.xxx.48.146
Firewall GW: xxx.xxx.48.145
Server IPs: xxx.xxx.48.147-152
Server GWs: All use xxx.xxx.48.145 (same as firewall)
As you can see, each one of my servers is using a public IP and my ISP's
gateway. As far as they are concerned, they're connected right to my ISP,
not behind a firewall. That's the beauty of proxy arp.
I have been experimenting with m0n0wall, and have been very happy with it
so far. Tonight I spent some time moving our firewall to m0n0wall, but the
proxy arp part is giving me problems. I am using the same system for both
the linux firewall and m0n0wall, so all the MACs tied to the arp requests
should be the same.
I've read a few posts about proxy arp on m0n0wall, where Manuel refers to
proxy arp being what allows m0n0wall to answer arp requests for all the
IP's, and then it has to decide what to do with the traffic. He mentions
the solution being 1:1 NAT, but I don't quite understand why NAT is
required or how exactly it should be configured.
I have created individual proxy arp entries for each of the servers, with a
/32. What's left to configure? If I do need to NAT, can I get an example
entry, because I am not understanding the need for NAT or how I would go
about doing this. I just need to know how to tell m0n0wall where to send
these packets. Shorewall has a "IP ADDRESS PROXYARPED - SOURCE INTERFACE -
DESTINATION INTERFACE" configuration that I am used to, which tells it
where to pass the packets off to.
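For readers unfamiliar with the Shorewall configuration the poster is comparing against, here is what the "IP address proxyarped / source interface / destination interface" mapping looks like in Shorewall's /etc/shorewall/proxyarp file. This is an added illustration, not part of the original post or of the poster's actual config: the interface names (eth0 for WAN, eth2 for DMZ) and the 203.0.113.0/24 documentation addresses are placeholders standing in for the poster's xxx.xxx.48.x block.

```text
# /etc/shorewall/proxyarp  (illustrative; interface names and addresses are assumed)
#
# ADDRESS        INTERFACE   EXTERNAL   HAVEROUTE
#   ADDRESS   = public IP that the firewall answers ARP for on EXTERNAL
#   INTERFACE = interface the host actually sits behind (where packets are sent)
#   EXTERNAL  = interface on which the ARP requests arrive (the ISP side)
#   HAVEROUTE = "no" tells Shorewall to add the /32 host route via INTERFACE
203.0.113.147    eth2        eth0       no
203.0.113.148    eth2        eth0       no
203.0.113.149    eth2        eth0       no
203.0.113.150    eth2        eth0       no
203.0.113.151    eth2        eth0       no
203.0.113.152    eth2        eth0       no
```

Each line does two things on the Linux box: it enables proxy ARP on the EXTERNAL interface so the firewall's MAC answers ARP for that address, and it installs a /32 host route for the address out of INTERFACE so the kernel knows which port to forward the packet to once it has accepted it. The second half is the piece the poster is asking how to express in m0n0wall, where a proxy ARP entry by itself only covers the ARP reply.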