Mailinglist Archive: opensuse-security (465 mails)

RE: [suse-security] proxy-arp problems ...
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Fri, 7 Dec 2001 09:35:15 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56C8F@xxxxxxxxxxxxxxxxx>
> I'm trying to get my firewall to do proxy-arp on behalf of
> some 'virtual' ips.
> this is what the entries look like in my arp table:
> ether 08:00:20:A5:04:26 C
> eth2
> * * MP
> eth2
> * * MP
> eth1
> * * MP
> eth0
> When I try and connect to the ip, the firewall is
> asking who has arp

I've succeeded with proxy-arp in the following setup:

Box 1
| (eth0)
Linux router (eth2)
Box 2

Box 1 doesn't know that 192.168.1/24 is split, its default router is *not*
the Linux router. Box 2 has the Linux router as its default gateway.

What I wanted to do was to be able to ping Box 2 from Box 1. Since Box 1
does not know that 192.168.1/24 is split, it expects Box 2 to be on the
locally attached network and will issue arp requests when it tries to send
IP packets to it. Therefore, the Linux router has to proxy-arp on behalf of
Box 2.

Here's what I did (entirely on the Linux router):
# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

That was it. Then I pinged from Box 1 to Box 2 successfully. The ARP table
on Box 1 maps: to 00:60:b0:cd:1c:16 to 00:60:b0:cd:1c:16

While on the Linux router, has a different MAC address
associated with it.

I don't know what you're doing, so I can't tell where your mistake is.
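
Added example, not part of the original message: a shell audit that lists the interfaces on which a Linux box will answer ARP on behalf of other hosts, using the kernel rule that proxy ARP is in effect when either conf/all/proxy_arp or conf/<interface>/proxy_arp is set. The function names and the sample tree are constructed for illustration. The forwarding flag is printed for context, since the router in the message also has to route the packets.

```shell
#!/bin/sh
# Added example: report where proxy ARP is in effect.
# Effective proxy ARP = conf/all/proxy_arp OR conf/<iface>/proxy_arp.

# proxy_arp_report [CONF_DIR]
# Prints "<iface> proxy_arp=<0|1> forwarding=<0|1>" for every interface.
# CONF_DIR defaults to the live kernel settings.
proxy_arp_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf/all/proxy_arp" 2>/dev/null || echo 0)
    for dir in "$conf"/*/; do
        ifc=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces
        case $ifc in all|default) continue ;; esac
        own=$(cat "$dir/proxy_arp" 2>/dev/null || echo 0)
        fwd=$(cat "$dir/forwarding" 2>/dev/null || echo 0)
        eff=0
        if [ "$all" != 0 ] || [ "$own" != 0 ]; then eff=1; fi
        echo "$ifc proxy_arp=$eff forwarding=$fwd"
    done
}

# proxy_arp_enabled [CONF_DIR]: only the interfaces with proxy ARP in effect.
proxy_arp_enabled() {
    proxy_arp_report "$1" | awk '$2 == "proxy_arp=1" { print $1 }'
}

# make_sample_tree DIR: constructed stand-in for /proc/sys/net/ipv4/conf,
# matching the message: proxy_arp set on eth0 only (iface:proxy_arp:forwarding).
make_sample_tree() {
    for spec in all:0:1 default:0:1 eth0:1:1 eth1:0:1 eth2:0:1; do
        ifc=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$1/$ifc"
        echo "${rest%%:*}" > "$1/$ifc/proxy_arp"
        echo "${rest#*:}" > "$1/$ifc/forwarding"
    done
}

# Demo on the constructed tree; call proxy_arp_report with no argument
# to read the running system instead.
sample=$(mktemp -d)
make_sample_tree "$sample"
proxy_arp_report "$sample"
rm -rf "$sample"
```

An interface that shows proxy_arp=1 without anyone having set its own flag usually means conf/all/proxy_arp was switched on globally.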
