SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Proxy Arp and Nat Port forwarding

    Posted 02-23-2014 02:18

    Hi everyone,

    I need a confirmation on what I am working on at the moment. I am not confident with my proxy arp understanding and have never used it before. In the company I 'am working for the SRX was configured with proxy arp.

    I need to to create a nat port forwarding rule, a classic case : public IP redirected to a private IP that delivers a service. Let s say an FTP server.

    I have created the rule with nat destination from the public IP to the private IP. My question is, is that correct  ? or should I put the IP defined on the interface that does the proxy ARP ? 

    Sorry if my question seems a bit unclear it is because my understanding of proxy ARP is unclear. 

    You understand the issue. NAt port forwarding rule to private server with proxy ARP configured.

    Please help and talk as if you would to a beginner in junos and networking.

    Many thanks



  • 2.  RE: Proxy Arp and Nat Port forwarding
    Best Answer

    Posted 02-23-2014 03:27

    Hi

     

    Is your public IP from which you redirect the same as IP on the outside interface (under family inet address)? If yes, no proxy-arp is needed: SRX will respond to ARPs on this address automatically.

     

    Otherwise, is your public IP from which you redirect in the same subnet as IP on the interface? In this case, you need proxy ARP for that address (from which you redirect).

     

    If it is on some other subnet - no proxy ARP is needed again.

     

    To understand this, think from the perspective of the upstream (provider's) router. It always needs to resolve IP address to MAC address with ARP.