Occasionally, an IP network must be split into separate segments. Proxy ARP can be used for increased control over packets exchanged between two hosts or to limit exposure between two hosts in a single IP network. The technique of proxy ARP is commonly used to interpose a device with higher layer functionality between two other hosts. From a practical standpoint, there is little difference between the functions of a packet-filtering bridge and a firewall performing proxy ARP. The manner by which the interposed device receives the packets, however, is tremendously different.
The device performing proxy ARP (masq-gw
) responds for all ARP queries
on behalf of IPs reachable on interfaces other than the interface on
which the query arrives.
FIXME; manual proxy ARP (see also
Section 9.3, “Breaking a network in two with proxy ARP”), kernel proxy ARP, and the newly
supported sysctl net/ipv4/conf/$DEV/medium_id
.
For a brief description of the use of medium_id, see Julian's remarks.
FIXME; Kernel proxy ARP with the sysctl
net/ipv4/conf/$DEV/proxy_arp
.
Note....until this section is written, this post by Don Cohen is rather instructive.