I think the VM can arp the internal gateway IP locally, since the ARP request never goes out to the physical world. But in this scenario, the ARP is coming from the outside. So the potential solution maybe:
add some flows or rules to allow only the SNAT node to process internal gateway IP ARP request.
I think the VM can arp the internal gateway IP locally, since the ARP request never goes out to the physical world. But in this scenario, the ARP is coming from the outside. So the potential solution maybe:
add some flows or rules to allow only the SNAT node to process internal gateway IP ARP request.
Thanks