Hi,
At 10:32 18.03.2002 +0100, you wrote:>I''m a little confused over the difference between ProxyARP and
>NAT and wonder if someone could give a short explanation on the
>essential function of ProxyARP (NAT is not that hard to
>grab...).
NAT =3D Network Address Translation
NAT translates a e.g. external IP to internal IP in the TCP/IP packages. In=20
this example your machine has an internal address.
ARP =3D Adress Resolution Protocol
ARP translates between the hardware address (MAC) of a NIC and the IP address.
When you set up ProxyARP your internal machine has an external IP. When you=20
set up ProxyARP on a firewall the firewall pretends to be the interal=20
machine (of course only on ARP level!!!). So all packages sent to your=20
internal machine get sent to your firewall. The firewall (when properly set=20
up) routes the packages to your internal machine.
Remeber when setting up ProxyARP that for your internal host the default=20
gateway is the firewall.
>If I got it right, they work in a similar way in that
>they forward requests to a defined host, but I''m not sure when
>I should prefer to use ProxyARP over NAT.
You use NAT if you want an internal machine to be "fully" in the
internet=20
(so all packages addressed to the NAT IP should hit your host). This is not=20
very often needed (and you should know what you are doing). If possible and=20
practicable you should use port forwarding instead (if you only want to=20
provide a special service like www of so - port forwarding is set up=20
in the rules file).
You use ProxyARP mostly for hosts in the DMZ. The advantage is that you get=20
your hosts behind the firewall without having messy routing tables or NAT=20
tables. You just set up your servers like they would stay directly in the=20
internet (except the default gateway). I
Sascha
--------------------------------------------------------
Sascha Knific K Systems & Design
Tel. +49-8151-773260 Wittelsbacherstr. 6a
Fax. +49-8151-773262 82319 Starnberg, Germany
Leo +49-8151-773261 WGS84: N57=B059''52.4"
E11=B020''34.3"
knific@k-sysdes.net http://www.k-sysdes.net