Hello everybody,

I would like some info about proxy arp behaviour.
I have a firewall linux running kernel 2.4.25
with 3 NIC. Proxy arp is enabled on two of them
(eth0 and eth1).

eth1 configuration is here:

ifconfig eth1 10.77.77.1 broadcast 10.77.77.3 netmask 255.255.255.252
ip route del 10.77.77.0/30 dev eth1
ip route add 172.17.1.0/24 dev eth1

echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

Hosts connected to eth1 are all 172.17.1.0/24.
The linux box is now replying to arp requests
that are sent by 172.17.1.0/24 hosts on the eth1
network segment. Is this because ip on eth1 is
10.77.77.1?

I think that linux should not reply to arp request
for 172.17.1.0/24 because of:

ip route add 172.17.1.0/24 dev eth1

Is this a bug?

TIA

On Thu, 25 Mar 2004, Marco Berizzi wrote:
> Hello everybody,
>
> I would like some info about proxy arp behaviour.
> I have a firewall linux running kernel 2.4.25
> with 3 NIC. Proxy arp is enabled on two of them
> (eth0 and eth1).
>
> eth1 configuration is here:
>
> ifconfig eth1 10.77.77.1 broadcast 10.77.77.3 netmask 255.255.255.252
> ip route del 10.77.77.0/30 dev eth1
> ip route add 172.17.1.0/24 dev eth1
>
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>
> Hosts connected to eth1 are all 172.17.1.0/24.
> The linux box is now replying to arp requests
> that are sent by 172.17.1.0/24 hosts on the eth1
> network segment. Is this because ip on eth1 is
> 10.77.77.1?
>
> I think that linux should not reply to arp request
> for 172.17.1.0/24 because of:
>
> ip route add 172.17.1.0/24 dev eth1
>
> Is this a bug?

This problem comes up periodically, and when it does it
results in a bunch of noise to show that "Linux works perfectly...",
but never in any resolution.
What needs to be answered by persons who know the network
code is how one "connects" a particular response to a
particular device.
This has become a FAQ and needs to have some written documentation
somewhere.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.24 on an i686 machine (797.90 BogoMips).
Note 96.31% of all statistics are fiction.
Marco Berizzi wrote:
> eth1 configuration is here:
>
> ifconfig eth1 10.77.77.1 broadcast 10.77.77.3 netmask 255.255.255.252
> ip route del 10.77.77.0/30 dev eth1
> ip route add 172.17.1.0/24 dev eth1
>
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>
> Hosts connected to eth1 are all 172.17.1.0/24.
> The linux box is now replying to arp requests
> that are sent by 172.17.1.0/24 hosts on the eth1
> network segment.
Arp requests for what IP addresses?
Chris
Chris Friesen wrote:
> Marco Berizzi wrote:
>
> > eth1 configuration is here:
> >
> > ifconfig eth1 10.77.77.1 broadcast 10.77.77.3 netmask 255.255.255.252
> > ip route del 10.77.77.0/30 dev eth1
> > ip route add 172.17.1.0/24 dev eth1
> >
> > echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
> >
> > Hosts connected to eth1 are all 172.17.1.0/24.
> > The linux box is now replying to arp requests
> > that are sent by 172.17.1.0/24 hosts on the eth1
> > network segment.
>
> Arp requests for what IP addresses?
The linux box is replying to arp requests for 172.17.1.0/24, sent
by 172.17.1.0/24 systems (windoze 2000 and Linux 2.4.25).
My apologies, Chris.
I haven't fully explained my configuration.
Here it is:
ifconfig eth0 172.17.1.1 netmask 255.255.255.0
ifconfig eth1 10.77.77.1 netmask 255.255.255.252
ip route del 172.17.1.0/24 dev eth0
ip route del 10.77.77.0/30 dev eth1
ip route add 172.17.1.254 dev eth0
ip route add 172.17.1.0/24 dev eth1
ip rule add iif eth1 table dmz-ipsec priority 504
ip route add default via 172.17.1.254 dev eth0 table main metric 1
ip route add default via 172.17.1.254 dev eth0 table dmz-ipsec metric 1
ip route flush cache
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Now, hosts connected to eth1 are all 172.17.1.0/24.
The linux box is now replying to arp requests for
172.17.1.0/24 hosts, sent by 172.17.1.0/24 hosts,
on the eth1 network segment.
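
Added example, not part of any post in this thread and not kernel code: a simplified Python model that replays the configuration from the message above to show how the `ip rule ... iif eth1` entry changes the route lookup on which a proxy ARP decision depends. It assumes that forwarding is enabled and that a proxy ARP reply is sent when the route to the requested address, looked up with the receiving interface as input interface, leaves through a different interface; the host address 172.17.1.20 and the function names are hypothetical.

```python
import ipaddress

# Constructed from the commands in the message above; gateways and metrics are left out.
TABLES = {
    "main": [("172.17.1.254/32", "eth0"), ("172.17.1.0/24", "eth1"), ("0.0.0.0/0", "eth0")],
    "dmz-ipsec": [("0.0.0.0/0", "eth0")],
}
# (priority, iif selector or None, table); 32766 is the default priority of the main rule.
RULES = [(504, "eth1", "dmz-ipsec"), (32766, None, "main")]
PROXY_ARP = {"eth0": True, "eth1": True}


def route_dev(target, iif, rules=RULES, tables=TABLES):
    """Return the output device for target as seen by traffic arriving on iif."""
    addr = ipaddress.ip_address(target)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is not None and selector != iif:
            continue  # rule does not apply to this input interface
        matches = [(ipaddress.ip_network(p), dev) for p, dev in tables[table]
                   if addr in ipaddress.ip_network(p)]
        if matches:  # longest prefix wins inside one table
            return max(matches, key=lambda m: m[0].prefixlen)[1]
    return None


def proxy_arp_replies(target, in_dev, rules=RULES):
    """Assumed decision: reply when the route to target leaves by another device."""
    if not PROXY_ARP.get(in_dev):
        return False
    out_dev = route_dev(target, in_dev, rules)
    return out_dev is not None and out_dev != in_dev


if __name__ == "__main__":
    host = "172.17.1.20"  # hypothetical host on the eth1 segment
    main_only = [(32766, None, "main")]
    print("request on eth1, with iif rule   :", proxy_arp_replies(host, "eth1"))
    print("request on eth1, without iif rule:", proxy_arp_replies(host, "eth1", main_only))
    print("request on eth0                  :", proxy_arp_replies(host, "eth0"))
```

On a live system, `ip route get 172.17.1.20 iif eth1` (with a suitable `from` address) shows which device the kernel itself selects for the same lookup.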