RE: [suse-security] Connecting firewall directly to router ... - openSUSE Security - openSUSE Mailing Lists

newer
RE: [suse-security] Connecting...

RE: [suse-security] Connecting firewall directly to router ...

older
Compiling Sendmail 8.12.1

Reckhard, Tobias

3 Dec 2001 3 Dec '01

07:09

I read the man page for arp. It says that the kernel does automagic arp if a route exists between the subnets.

Did you also do 'man 7 arp'? That page says that the interface in question has to have proxy arp enabled. It's a sysctl thing, check /proc/sys/net/ipv4/conf/<IF>/proxy_arp. Cheers Tobias

Reply

Sign in to reply online Use email software

Show replies by date

Søren Kent Jensen

3 Dec 3 Dec

20:12

New subject: [suse-security] Connecting firewall directly to router ...

I too had problems with proxy arp. I got it to work (with help) by doing a 'arp -i eth0 -s xxx.xxx.xxx.xxx 00:00:00:00:00:00 pub Where eth0 is the outside if and xxx.xxx.xxx.xxx is the outside IP address. And of cause the correct MAC address of that interface. But it dident work before I added a route!!!! 'route add -host xxx.xxx.xxx.xxx eth1' Where eth1 is the inside of my firewall. Hope you can make it work. Regards Søren Kent Jensen ----- Original Message ----- From: "Reckhard, Tobias" To: "'Ray Leach'" ; "Reckhard, Tobias" ; Sent: Monday, December 03, 2001 8:09 AM Subject: RE: [suse-security] Connecting firewall directly to router ...

...
I read the man page for arp. It says that the kernel does automagic arp if a route exists between the subnets.

Did you also do 'man 7 arp'? That page says that the interface in question has to have proxy arp enabled. It's a sysctl thing, check /proc/sys/net/ipv4/conf/<IF>/proxy_arp.

Cheers Tobias

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

Reply

Sign in to reply online Use email software

Ray Leach

5 Dec 5 Dec

10:00

New subject: [suse-security] Connecting firewall directly to router ...

On Mon 03 Dec 01 22:12, Søren Kent Jensen wrote:

I too had problems with proxy arp.

I got it to work (with help) by doing a 'arp -i eth0 -s xxx.xxx.xxx.xxx 00:00:00:00:00:00 pub Where eth0 is the outside if and xxx.xxx.xxx.xxx is the outside IP address. And of cause the correct MAC address of that interface. But it dident work before I added a route!!!! 'route add -host xxx.xxx.xxx.xxx eth1' Where eth1 is the inside of my firewall.

Hope you can make it work.

Regards Søren Kent Jensen

Hi I've tried several things to get this to work. Does my DMZ have to have public IPs for this to work? I've done this : iptables -t nat -A PREROUTING -p tcp --dport 80 -d 66.8.45.171 -j DNAT --to-destination 192.168.1.171:80 arp -i eth0 -s 66.8.45.171 00:01:02:50:B8:9E pub echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp This didn't work. I still get arp requests for 66.8.45.171 from the router at 66.8.45.161, but my firewall (66.8.45.162) does not answer them. I tried to add a route for 66.8.45.171 to route via 192.168.1.1 (DMZ interface). Any more ideas? Ray

Reply

Sign in to reply online Use email software

8184

Age (days ago)

8186

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

Ray Leach
Reckhard, Tobias
Søren Kent Jensen