This form is used to define proxy ARP (Address Resolution Protocol) rules. You need one rule for each system to be proxy ARP'd.
ID: | The unique ID number identifying this proxy ARP rule. |
Server IP Address: | Address of the target system. |
Internal Interface: | The interface that connects to the system. If the interface is obvious from the sub-netting, you may choose "-". |
External Interface: | The external interface that you want to honor ARP requests for the "Server IP Address" specified above. |
Have already a Route to Server IP: | If you already have a route through the "Internal Interface" to the "Server IP Address", check this option. If you want the firewall itself to add the route, make sure it is not checked. |
Example: You have public IP addresses 155.182.235.0/28. You configure your firewall as follows:
eth0 - 155.186.235.1 (Internet connection)
eth1 - 192.168.9.0/24 (masqueraded local systems)
eth2 - 192.168.10.1 (interface to your DMZ)
In your DMZ, you want to install a Web/FTP server with public address 155.186.235.4. On the Web server, you use the same subnet as the firewall's eth0 and configure 155.186.235.1 as the default gateway. The proxy ARP rule for this server is:
Server IP Address: | 155.186.235.4 |
Internal Interface: | eth2 |
External Interface: | eth0 |
Have already a Route to Server IP: | No |
Note: You may want to configure the servers in your DMZ with a subnet that is smaller than the subnet of your Internet interface. In this case you will want to answer "Yes" for "Have already a Route to Server IP" (the HAVEROUTE column).
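The following is an added example, not part of the original form or of the firewall's own code: a pre-flight check for one proxy ARP rule plus a dry-run list of Linux iproute2 commands roughly equivalent to it. The class and function names are hypothetical, the command mapping is an assumption about what the firewall does for a rule, the external address is taken as 155.186.235.1/28 from the example above, and a named internal interface (not "-") is assumed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ProxyArpRule:          # hypothetical container mirroring the form fields
    server_ip: str           # "Server IP Address"
    internal_if: str         # "Internal Interface"
    external_if: str         # "External Interface"
    have_route: bool         # "Have already a Route to Server IP"

def check_rule(rule, external_cidr):
    """Return a list of problems; external_cidr is the firewall's external address/prefix."""
    ext = ipaddress.ip_interface(external_cidr)
    ip = ipaddress.ip_address(rule.server_ip)
    problems = []
    if ip not in ext.network:
        # ARP requests for this address never appear on the external segment.
        problems.append(f"{ip} is outside {ext.network} on {rule.external_if}")
    elif ip in (ext.network.network_address, ext.network.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {ext.network}")
    if ip == ext.ip:
        problems.append(f"{ip} is the firewall's own external address")
    if rule.internal_if == rule.external_if:
        problems.append("internal and external interface must differ")
    return problems

def plan(rule):
    """Dry run: commands assumed to be equivalent to one rule (nothing is executed)."""
    cmds = []
    if not rule.have_route:
        # "No": the firewall itself adds the host route towards the DMZ server.
        cmds.append(f"ip route replace {rule.server_ip} dev {rule.internal_if}")
    # Answer ARP requests for the server on the external interface.
    cmds.append(f"ip neigh add proxy {rule.server_ip} dev {rule.external_if}")
    return cmds

# The rule from the example above.
EXAMPLE = ProxyArpRule("155.186.235.4", "eth2", "eth0", have_route=False)
EXTERNAL = "155.186.235.1/28"

if __name__ == "__main__":
    for problem in check_rule(EXAMPLE, EXTERNAL):
        print("PROBLEM:", problem)
    for cmd in plan(EXAMPLE):
        print(cmd)
```
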