Proxy ARP, defined in RFC 1027, allows a gateway (or router) to respond to ARP requests on behalf of a host that resides on a different physical network. This technique makes it possible for devices on separate networks to communicate as if they were on the same local subnet — without requiring changes to the hosts themselves.
In a typical ARP exchange, a source host sends a broadcast request to find the MAC address for a target IP. If the target is on the same physical network, it replies directly. But when the target is on a different network, it won’t receive the request — unless a gateway steps in and responds on its behalf. That gateway then forwards traffic to the actual host using standard IP routing. This process is known as Proxy ARP, and it allows seamless communication across routed networks while maintaining the appearance of a flat IP space.
When combined with 1:1 NAT (One-to-One Network Address Translation), Proxy ARP becomes a powerful way to expose internal devices (using private IPs) to external networks using public IPs. 1:1 NAT maps each public IP address to a specific private IP, translating all ports and protocols. This ensures that external traffic is forwarded directly to the intended internal device, and vice versa.
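The ARP exchange and address translation described above, modelled as an added example (not code from the original article or from any vendor): the gateway parses an ARP request, answers with its own MAC only for public IPs that have a 1:1 mapping, and rewrites addresses in each direction. The MAC addresses, the 203.0.113.0/24 and 192.168.1.0/24 addresses, and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample values (documentation IP ranges, locally administered MAC).
GATEWAY_MAC = bytes.fromhex("020000000001")
NAT_MAP = {"203.0.113.10": "192.168.1.10", "203.0.113.11": "192.168.1.11"}
REVERSE_MAP = {priv: pub for pub, priv in NAT_MAP.items()}

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte Ethernet/IPv4 ARP payload."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       ipaddress.IPv4Address(spa).packed, tha,
                       ipaddress.IPv4Address(tpa).packed)


def proxy_arp_reply(request):
    """Return a reply claiming a mapped public IP, or None to stay silent."""
    if len(request) != struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, request)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    target = str(ipaddress.IPv4Address(tpa))
    if target not in NAT_MAP:  # answer only for addresses with a 1:1 mapping
        return None
    # The gateway presents its own MAC as the hardware address of the public IP.
    return build_arp(ARP_REPLY, GATEWAY_MAC, target, sha, str(ipaddress.IPv4Address(spa)))


def translate_inbound(src, dst):
    """Inbound: rewrite the public destination to its private host."""
    return src, NAT_MAP.get(dst, dst)


def translate_outbound(src, dst):
    """Outbound: rewrite the private source to its public address."""
    return REVERSE_MAP.get(src, src), dst


if __name__ == "__main__":
    req = build_arp(ARP_REQUEST, bytes.fromhex("0200000000aa"), "203.0.113.1", bytes(6), "203.0.113.10")
    print(proxy_arp_reply(req).hex())
    print(translate_inbound("198.51.100.7", "203.0.113.10"))
```

Answering only for addresses present in the mapping table keeps the gateway from claiming IPs it has no translation for.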
This article will guide you through configuring Proxy ARP and 1:1 NAT together — enabling external access to internal resources even when they're not directly on the same physical or logical subnet.