I'm trying to use pfSense to replace a Linux iptables firewall that I have already set up. I couldn't get proxyarp to work for the life of me. I use Shorewall on the Linux system to configure rules and proxyarp. Here's a basic outline of the system:
ISP - Provides two subnets, 220.127.116.11/27 and 18.104.22.168/27. Occupies gateway addresses of 22.214.171.124 and 126.96.36.199.
Firewall WAN interface - Occupies one public IP, 188.8.131.52, and proxyarps the remaining public IPs in both subnets to a DMZ interface.
Firewall DMZ interface - 10.0.0.1/24, needs NAT for multiple items within this subnet but proxyarps the gateway addresses for both subnets to systems that occupy the public IPs.
This is a very straightforward config in Shorewall/iptables, but pfSense seemed to lack the config options needed to pull this off. For example, the GUI only has one drop-down field for interface, which doesn't seem clear to me. Is that the interface that the firewall responds to ARP requests on or is it the interface that actually has the system that really occupies that address?
A little help on configuring this for a pfSense newbie would be appreciated greatly.