Follow-Up on Proxy ARP [Resolved]

Posted on April 19, 2008

Last May (has it really been that long?) I had an article about Proxy ARP and my challenges in trying to accomplish something along those lines on the cheap. I had some good comments but, to be honest, didn’t totally comprehend the solutions offered.

From that post:

So here’s the poop: I have a handful of servers running services that I’d like to expose to the outside world, but behind a firewall. So I want to create some subdomain names like service.example.com, ws.example.com, issues.example.com, etc. Each resolves to a different IP address in our public address range.

I want one device or firewall to service all these, then pass the traffic along to some internal addresses. I believe the term for this is, depending on who you ask, either Proxy ARP or ARP proxy.

I’m pleased to say that not only do I get it now, but I’ve actually got it. Got it done, that is. All thanks to the new firewalls I picked up this week. I replaced all our office and data center firewalls with various WatchGuard models — I wasn’t happy with the old ones, especially since they were no longer made or supported.

One of the nice features I found in my new WatchGuard units is the ability to do 1-to-1 NAT. And guess what? That’s exactly what I was after.

From a FAQ:

1-to-1 NAT is frequently used when you have an internal server with a private IP address that must be made public. You can use 1-to-1 NAT to map public IP addresses to your internal servers. You do not have to change the IP address of your internal servers. When you have one or a group of similar servers (for example, a group of email servers), 1-to-1 NAT is easier to configure than static NAT for the same group of servers.

That article goes on to give some examples of why you might actually do this. I’m doing it to expose a handful of web and app servers.

BAM. Problem solved. I eliminated a handful of extra little SOHO type routers from my office server room this afternoon. I’m happy now. :-)


Comments

One Response to “Follow-Up on Proxy ARP [Resolved]”

  1. Tsudohnimh on April 22nd, 2008 7:41 am

    I wish I’d found your post earlier and I would have pointed you to Watchguard. I’ve been using them in my network solutions for a couple of years now and they are great firewalls. Make sure to go to version 10 if they aren’t already.

    Good luck with them.
    Tsudohnimh
