diff --git a/.gitignore b/.gitignore
index ae5d28e..9046928 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .idea
-config/config.sh
+config/*.sh
+!config/*.sh.example
 
 # ---> Python
 # Byte-compiled / optimized / DLL files
diff --git a/bridge/bridge-lan.sh b/bridge/nat/bridge-lan.sh
similarity index 95%
rename from bridge/bridge-lan.sh
rename to bridge/nat/bridge-lan.sh
index 3f9f853..2584b32 100755
--- a/bridge/bridge-lan.sh
+++ b/bridge/nat/bridge-lan.sh
@@ -8,10 +8,10 @@ while [ -L "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symli
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  . "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/bridge-reset.sh b/bridge/nat/bridge-reset.sh
similarity index 94%
rename from bridge/bridge-reset.sh
rename to bridge/nat/bridge-reset.sh
index f19c54d..7cc9375 100755
--- a/bridge/bridge-reset.sh
+++ b/bridge/nat/bridge-reset.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  source "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/clone-client-mac.sh b/bridge/nat/clone-client-mac.sh
similarity index 89%
rename from bridge/clone-client-mac.sh
rename to bridge/nat/clone-client-mac.sh
index ecc9c71..79fd5c9 100755
--- a/bridge/clone-client-mac.sh
+++ b/bridge/nat/clone-client-mac.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/../config/config.sh" ]]; then
-  . "$DIR/../config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/../config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/get-dhcp-dns.sh b/bridge/nat/get-dhcp-dns.sh
similarity index 100%
rename from bridge/get-dhcp-dns.sh
rename to bridge/nat/get-dhcp-dns.sh
diff --git a/bridge/get_client_mac_address.sh b/bridge/nat/get_client_mac_address.sh
similarity index 100%
rename from bridge/get_client_mac_address.sh
rename to bridge/nat/get_client_mac_address.sh
diff --git a/bridge-install.sh b/bridge/nat/nat-install.sh
similarity index 97%
rename from bridge-install.sh
rename to bridge/nat/nat-install.sh
index 4c7a146..4c9924c 100755
--- a/bridge-install.sh
+++ b/bridge/nat/nat-install.sh
@@ -13,10 +13,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/config/config.sh" ]]; then
-  source "$DIR/config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "$DIR/config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/wlan2eth.service b/bridge/nat/wlan2eth.service
similarity index 79%
rename from wlan2eth.service
rename to bridge/nat/wlan2eth.service
index 9fbee27..64eaea4 100644
--- a/wlan2eth.service
+++ b/bridge/nat/wlan2eth.service
@@ -6,7 +6,7 @@ After=basic.target network.target
 
 [Service]
 SyslogIdentifier=wlan2eth
-ExecStart=/bin/bash /opt/wlan2eth/wlan2eth.sh
+ExecStart=/bin/bash /opt/wlan2eth/bridge/nat/wlan2eth.sh
 Restart=always
 RestartSec=2
 
diff --git a/wlan2eth.sh b/bridge/nat/wlan2eth.sh
similarity index 90%
rename from wlan2eth.sh
rename to bridge/nat/wlan2eth.sh
index 33abd67..8d778df 100755
--- a/wlan2eth.sh
+++ b/bridge/nat/wlan2eth.sh
@@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
 done
 DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
 
-if [[ -f "$DIR/config/config.sh" ]]; then
-  source "$DIR/config/config.sh"
+if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
+  . "$DIR/../../config/nat-config.sh"
 else
-  echo "config/config.sh missing!"
+  echo "$DIR/../../config/nat-config.sh missing!"
   exit 1
 fi
 
diff --git a/bridge/proxyarp/arp-install.sh b/bridge/proxyarp/arp-install.sh
new file mode 100755
index 0000000..96f8b65
--- /dev/null
+++ b/bridge/proxyarp/arp-install.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+
+SOURCE=${BASH_SOURCE[0]}
+while [ -L "$SOURCE" ]; do
+  DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+  SOURCE=$(readlink "$SOURCE")
+  [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
+done
+DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+
+if [[ -f "$DIR/../../config/arp-config.sh" ]]; then
+  . "$DIR/../../config/arp-config.sh"
+else
+  echo "$DIR/../../config/arp-config.sh missing!"
+  exit 1
+fi
+
+if [ "$(id -u)" -ne 0 ]; then
+  echo 'This script must be run as root.' >&2
+  exit 1
+fi
+
+# ==============================================================================
+# Setup
+
+echo -e "# PREPARE ENVIRONMENT #"
+
+# Reset interfaces
+iptables -X
+iptables -F
+iptables -t nat -X
+iptables -t nat -F
+echo "Erased all iptables rules."
+
+ifconfig $WLAN_IFACE down
+ifconfig $WLAN_IFACE hw ether $(ethtool -P $WLAN_IFACE | awk '{print $3}')
+ifconfig $WLAN_IFACE up
+echo "Reset the $WLAN_IFACE WiFi interface."
+
+while true; do
+  WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
+  if [ -n "${WLAN_IFACE_IP}" ]; then
+    echo "Got it!"
+    break
+  fi
+  echo "Waiting for $WLAN_IFACE to get an IP..."
+  sleep 5
+done
+
+# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
+WLAN_NETMASK=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+WLAN_NETMASK_CIDR=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+
+if $NON_INTERACTIVE; then
+  NON_INTERACTIVE_APT="-y"
+else
+  NON_INTERACTIVE_APT=""
+fi
+
+# ==============================================================================
+# Install stuff
+
+echo -e "\n# INSTALL THINGS #"
+echo -e "Upgrading...\n"
+
+apt-get update
+apt-get upgrade $NON_INTERACTIVE_APT
+
+echo -e "\n"
+
+THINGS_TO_INSTALL="net-tools ethtool openssh-server parprouted dhcp-helper"
+
+if ! $NON_INTERACTIVE; then
+  echo "Going to install: $THINGS_TO_INSTALL"
+  read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+
+echo -e "\n"
+
+apt-get install $NON_INTERACTIVE_APT $THINGS_TO_INSTALL
+
+if ! $NON_INTERACTIVE; then
+  echo -e "\nGoing to replace networking with systemd-networkd."
+  read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+
+systemctl stop dhcp-helper
+
+apt-get autoremove --purge $NON_INTERACTIVE_APT ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
+
+echo -e "\n\nConnecting to WiFi..."
+
+WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
+cat >"$WPA_SUPP_FILE" <<EOF
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+country=USifconfig $WLAN_IFACE
+network={
+ ssid="$WIFI_SSID"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="$WIFI_USERNAME"
+ password="$WIFI_PWD"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+EOF
+chmod 600 "$WPA_SUPP_FILE"
+echo "Created wpa_supplicant: $WPA_SUPP_FILE"
+systemctl disable wpa_supplicant.service
+systemctl stop wpa_supplicant.service
+systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
+systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
+echo ""
+ifconfig $WLAN_IFACE
+
+echo -e "\n"
+NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
+cat >"$NET_CONF_FILE" <<EOF
+[Match]
+Name=$WLAN_IFACE
+[Network]
+IPForward=yes
+DHCP=yes
+EOF
+echo "Created network config for the $WLAN_IFACE WiFi interface."
+echo -e "Finishing systemd-networkd install...\n"
+apt-get install $NON_INTERACTIVE_APT libnss-resolve
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+systemctl enable --now systemd-resolved.service
+systemctl restart systemd-networkd.service
+
+sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
+
+# ==============================================================================
+# Configure
+
+# Configure dhcp-helper.
+DHCP_IPS=""
+for ip in $DHCP_SERVERS; do
+    DHCP_IPS+=" -s $ip"
+done
+cat > /etc/default/dhcp-helper <<EOF
+DHCPHELPER_OPTS="$DHCP_IPS"
+EOF
+
+
+# Enable avahi reflector if it's not already enabled.
+sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
+grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
+  printf "something went wrong...\n\n"
+  printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
+}
+
+cat > /etc/systemd/system/parprouted.service <<EOF
+[Unit]
+Description=proxy arp routing service
+Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
+#Requires=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+#After=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+After=network.target
+
+[Service]
+Type=forking
+# Restart until $WLAN_IFACE gained carrier
+Restart=on-failure
+RestartSec=5
+TimeoutStartSec=30
+# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
+ExecStartPre=/bin/bash -c '/sbin/ip addr add \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
+ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
+ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
+ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
+ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
+ExecStopPost=/bin/bash -c '/sbin/ip addr del \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+
+[Install]
+WantedBy=wpa_supplicant.service
+EOF
+
+systemctl daemon-reload
+systemctl enable --now parprouted dhcp-helper
+systemctl restart parprouted dhcp-helper
+
+systemctl status --no-pager dhcp-helper
+systemctl status --no-pager parprouted
+
+echo -e "\n==============\nDone!\nNow reboot!"
diff --git a/config/config.sh.example b/config/nat-config.sh.example
similarity index 61%
rename from config/config.sh.example
rename to config/nat-config.sh.example
index ef4bac5..0680db1 100644
--- a/config/config.sh.example
+++ b/config/nat-config.sh.example
@@ -18,13 +18,5 @@ WIFI_SSID="Example-Network"
 WIFI_USERNAME="username"
 WIFI_PWD="password"
 
-# Make this port accessible on the router and have its SSH server on it.
-# The installer will modify the SSH server's config for you.
-ROUTER_SSH_PORT=64535
-
-# "transparent": the bridge device clones the client's MAC address and NATs traffic to a private LAN. Only supports one bridged client.
-# TODO: support bridging multiple clients connected to an ethernet hub
-# BRIDGE_MODE="transparent"
-
 # Don't prompt the user for confirmation
 NON_INTERACTIVE=false