With Proxy ARP objects, you can configure the Barracuda NG Firewall to answer ARP requests on behalf of a requested interface, accept packets, and correctly forward packets. Proxy ARPs are like additional IP addresses that the firewall responds to when it receives an ARP request. Use Proxy ARP addresses for redirecting and mapping in firewall rulesets, if they are in the same address space as the source of a connection request. You can also use Proxy ARP objects for bridging.
You can create a Proxy ARP object as a standalone object or with a connection object. However, the Proxy ARP object is then dependent on the connection object; if the connection object is deleted, the Proxy ARP object is also deleted.
Configure a Proxy ARP Object
- Log into the Barracuda NG Firewall.
- Click the Status tab.
- In the Services table, click Configuration.
- On the Simple Config page, click Ruleset in the Operational Configuration table.
- From the Configuration menu in the left navigation pane, select Proxy ARPs.
- To create a Proxy ARP object, right-click the table and select New.
- To edit a Proxy ARP object, double-click it.
In the Edit/Create a Proxy ARP Object window, specify the settings for the Proxy ARP object.
Example - Edit/Create a Proxy ARP Object window:
You can specify the following settings:
You can enter a single IP address or a complete network.
Description of the Proxy ARP object.
To let the Proxy ARP object exist without a referring object (such as a connection object), select this check box. Otherwise, the Proxy ARP object is deleted if the referring object is deleted. The Standalone setting is enabled by default.
Primary Network Interface
Interface that is used when responding to an ARP request. You can either enter a specific network interface (for example, eth1), or select one of the following options:
- match (default) - ARP requests are answered via the interface that hosts the network.
- any - ARP requests are answered via any interface.
Additional interfaces that are used when responding to ARP requests. Make sure that you only enter interfaces that do not conflict with the primary network interface. You can enter a space-delimited list of interfaces.
Network addresses that should be excluded from a complete network that is entered in the Network Address field. You can enter a space-delimited list of addresses.
Source Address Restriction
Network addresses that must be used as the source IP address when responding to ARP requests. You can enter a space-delimited list of addresses.
Introduce Route on Interface
For bridging setups only. Read-only field that displays the bridging interface route (see: link).
Send Unsolicited ARP
To configure the firewall to also propagate specified IP addresses through ARPs, select this check box. The Send Unsolicited ARP setting is enabled by default.
- Click OK.
- Click Send Changes and then click Activate.
Create a Proxy ARP Object with a Connection Object
To create a Proxy ARP object with in the configuration of a connection object, select the Create Proxy ARP check box. For more information on creating on a connection object, see link.