Help

Proxy ARP's rule

This form is used to define proxy ARP (Address Resolution Protocol) rules. You need one rule for each system to be proxy ARP'd.

ID: The unique ID number identifying this Proxy ARP's rule.
Server IP Address: Address of the target system.
Internal Interface: The interface that connects to the system. If the interface is obvious from the sub-netting, you may choose "-".
External Interface: The external interface that you want to honor ARP requests for the "Server IP Address" specified above.
Have already a Route to Server IP: If you already have a route through the "Internal Interface" to the "Server IP Address", Check this option. If you want the firewall itself to add the route, make sure it is not checked.

Example: You have public IP addresses 155.182.235.0/28. You configure your firewall as follows:

eth0 - 155.186.235.1 (Internet connection)
eth1 - 192.168.9.0/24 (masqueraded local systems)
eth2 - 192.168.10.1 (interface to your DMZ)

In your DMZ, you want to install a Web/FTP server with public address 155.186.235.4. On the Web server, you subnet just like the firewall's eth0 and you configure 155.186.235.1 as the default gateway:

Server IP Address: 155.186.235.4
Internal Interface: eth2
External Interface: eth0
Have already a Route to Server IP: No

Note: You may want to configure the servers in your DMZ with a subnet that is smaller than the subnet of your Internet interface. In this case you will want to place "Yes" in the HAVEROUTE column.