Hello,

>> > Why proxy_arp?
>>
>> because SNAT/DNAT do not work properly with, for example, H.323 (even if
>> the module for this is in the kernel) and others...
>>
>> Is there any other secure method?

> I am not really sure what you want to do exactly. Maybe draw a little
> ascii-art with IP-addresses and everything to show what you want.
> IMHO proxy ARP is ugly. Maybe you can bridge instead?

Example of the simplest topology:

                        comp comp comp  computers in LAN....
  publicIP               |    |    |    |
  =========== server ---+----+----+----+----...
              SNAT        192.168.x.x
              proxy_arp

Some of the comps have private addresses 192.168.... and some of them have to
have public IP addresses.

1. solution
   SNAT+DNAT on the server - but some protocols are not well supported
   [ex. H.323]. The IPs of the comps are set to 192.168.... but by DNAT they
   are translated to public IPs.

2. solution - this is the one which we are discussing...
   The IPs of the comps are normal public IPs, on the server there is routing
   to these hosts, proxy_arp is enabled, FORWARD for these comps is not
   blocked (etc..etc...)

I want to be able to set public IPs for computers in the LAN.
Is there any other solution? I don't know about one - if you do, please let
me know :)

I am the ISP network administrator.

Thanks a lot.

-- 
Regards, Marcin.
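
The second setup described in the message above, as an added example that is not part of the original post: a shell function that prints, without running them, the sysctl, route and iptables commands for a list of LAN hosts holding public addresses. The interface names (eth0 upstream, eth1 LAN) and the 203.0.113.x addresses are assumptions.

```shell
#!/bin/sh
# Added example: dry-run plan for per-host routes plus proxy ARP.
# Assumed names: eth0 = upstream, eth1 = LAN, 203.0.113.0/24 = sample range.

valid_ipv4() {
    # Accept only a dotted quad whose octets are each 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

proxy_arp_plan() {
    [ "$#" -ge 3 ] || { echo "usage: proxy_arp_plan WAN_IF LAN_IF IP..." >&2; return 2; }
    wan=$1; lan=$2; shift 2
    # Refuse the whole plan if any address is malformed.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Proxy ARP on both sides: upstream sees the hosts, hosts see upstream.
    echo "sysctl -w net.ipv4.conf.$wan.proxy_arp=1"
    echo "sysctl -w net.ipv4.conf.$lan.proxy_arp=1"
    # Default-deny forwarding; only the listed hosts are opened below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        # A /32 route limits proxy ARP answers on the WAN side to this host.
        echo "ip route add $ip/32 dev $lan"
        # The source match keeps a LAN host from using another host's address.
        echo "iptables -A FORWARD -i $lan -s $ip -j ACCEPT"
        echo "iptables -A FORWARD -o $lan -d $ip -j ACCEPT"
    done
}

# Print the plan for two constructed sample hosts.
proxy_arp_plan eth0 eth1 203.0.113.10 203.0.113.11
```

The last FORWARD rule admits all inbound traffic to each listed host, matching the "not blocked" setup in the message; it can be narrowed per protocol where the services on a host are known.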