Explanation of proxy-arp

The configuration and use of Proxy-ARP is really quite simple, but it is generally found to be confusing because what is actually being done behind the scenes is not understood. "True" bridging is an OSI layer 2 (link layer, e.g., Ethernet) mechanism that relies only on the Address Resolution Protocol (ARP), i.e., on MAC address resolution. Bridging does not look at the IP addresses of the connected machines and makes no use of routing tables or IP filtering, which makes OSI layer 3 (network layer, e.g., IPv4 addresses) filtering impossible. Routing is done at OSI layer 3 and makes use of the routing tables and firewall rules set up on the machine, keyed on IP addresses. Proxy-ARP acts as a consolidation of the features of bridging and routing: a client machine is bound to a designated IP address for which one (or more) of the router's interfaces answers ARP requests, but this is done at OSI layer 3, so traffic to that IP address can be filtered by the router instead of being "blindly" passed through it.

Proxy-ARP has been an available feature of Linux kernels since the 2.0.x series and is enabled in the kernel through a set of boolean files in the /proc file system at '/proc/sys/net/ipv4/conf/<interface>/proxy_arp'. The boolean toggle (0|1) in each of these files disables|enables proxy-arp for that interface. Rather than setting this option by hand editing, proxy-arp is generally enabled by the firewall/filtering program on the system. ARP-cache entries can also be set manually (persistent) with the 'arp' utility. Many firewall applications, such as Shorewall, make use of both 'arp' and the kernel proc files. All traffic filtering with proxy-arp must be configured in the firewall/filtering application that you are using.
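The following shell script is an added example and not part of the original article; it audits which interfaces have the per-interface proxy_arp toggle described above set, and shows the two commands an administrator would use to enable proxy-arp on one interface and publish an address for it. The function names, the optional root-directory argument (so the audit can be pointed at a constructed /proc-style tree for offline use) and the interface names and 192.0.2.10 address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the article's own code): audit the per-interface
# proxy_arp toggles under /proc/sys/net/ipv4/conf/<iface>/proxy_arp.

# Print "<iface>=<0|1>" for every interface directory under $1/conf.
# $1 defaults to the real sysctl tree; passing another directory is an
# assumption used here so the audit can run against a constructed tree.
proxy_arp_audit() {
    root="${1:-/proc/sys/net/ipv4}"
    for f in "$root"/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        iface="$(basename "$(dirname "$f")")"
        printf '%s=%s\n' "$iface" "$(cat "$f")"
    done
}

# List only the interfaces whose toggle is 1 (proxy-arp answering enabled).
proxy_arp_enabled_ifaces() {
    proxy_arp_audit "$1" | awk -F= '$2 == 1 { print $1 }'
}

# Enable proxy-arp on one interface and publish one address on it.
# Requires root on a real Linux host; it is defined here for reference and
# is not called by the demo below.  Usage: proxy_arp_enable eth0 192.0.2.10
proxy_arp_enable() {
    iface="$1"; addr="$2"
    echo 1 > "/proc/sys/net/ipv4/conf/$iface/proxy_arp"
    # Published neighbour entry: the router answers ARP for $addr on $iface
    # (the modern equivalent of 'arp -s <addr> <mac> pub').
    ip neigh add proxy "$addr" dev "$iface"
}

# Build a constructed /proc-style tree (all, default, eth0, eth1, lo) with
# proxy-arp enabled only on eth1, so the audit can be exercised offline.
make_fake_tree() {
    dir="$1"
    for i in all default eth0 eth1 lo; do
        mkdir -p "$dir/conf/$i"
        echo 0 > "$dir/conf/$i/proxy_arp"
    done
    echo 1 > "$dir/conf/eth1/proxy_arp"
}

# Demo against the constructed tree (harmless; touches no real sysctl).
tmp="$(mktemp -d)"
make_fake_tree "$tmp"
proxy_arp_audit "$tmp"
rm -rf "$tmp"
```

Run `proxy_arp_audit` with no argument on a real host to see the live values. When reading the output, keep in mind that the kernel treats conf/all/proxy_arp as overriding: proxy-arp is active on an interface if either conf/all/proxy_arp or conf/<interface>/proxy_arp is 1, so an audit that finds all=1 should treat every interface as enabled regardless of its own file.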

A couple of things you will want to keep in mind are that: