All,
I'm trying to set up a new router/firewall using proxy arp "bridging",
(for instance as described here:
http://www.sjdjweis.com/linux/proxyarp/ )
I've got one box with 2 NICs. They both have the same IP-address,
netmask, broadcast addr etc.:
eth2: mtu 1500 qdisc pfifo_fast
    link/ether 00:50:da:4e:ff:a6 brd ff:ff:ff:ff:ff:ff
    inet nn.nn.nn.66/27 brd nn.nn.nn.95 scope global eth2
eth1: mtu 1500 qdisc pfifo_fast
    link/ether 00:01:03:bb:20:1a brd ff:ff:ff:ff:ff:ff
    inet nn.nn.nn.66/27 brd nn.nn.nn.95 scope global eth1
eth1 is external, eth2 is internal. The network is a /27.
I've got proxy_arp enabled on both interfaces, although I don't
quite understand why I need it on eth2. I've got forwarding enabled.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Iface
nn.nn.nn.65     0.0.0.0         255.255.255.255 UH    eth1
nn.nn.nn.64     0.0.0.0         255.255.255.224 U     eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         nn.nn.nn.65     0.0.0.0         UG    eth1
If I try to ping an external host from a machine (nn.nn.nn.70) on the
internal(eth2) network, I see the ICMP echo request go out through
the router, and I see the ICMP echo response come back in on eth1. But ...
it is not forwarded onto eth2 and the origin machine. It is as if it
is just dropped.
It's not getting caught by the firewall - I've also tried it with the
firewall disabled.
Even worse - I did manage to make this work from _one_ internal host,
but couldn't make it work from others.
This is pretty difficult to describe properly, but if you understand
about proxy arp etc. the description is probably not too bad :-)
What am I missing here??
/Per Jessen, Zürich