Conny Brunnkvist wrote:
> Erik Persson wrote:
>> When I did some "preproduction" testing of the new router I noticed that proxy arp didn't function, and I can't figure out why. I have tested proxy arp on 2 different machines running debian sarge and kernel 2.6.x, but it does not work on any of them.
>
> For starters - you didn't do your testing on the same physical network link as the "current" router, did you? ...I mean, just to exclude the risk that there's some ARP-cache out there deceiving you.
> //conny
I've solved the problem. Linux only does proxy arp for ip-addresses it has a direct(?) route to, and, as far as I tested with the standard kernel settings, does not proxy arp for ip-addresses that according to the routing table should be routed back to the same interface the arp-request originated from (well, it really seems reasonable).
The setup for the functioning network was:

a.b.c.61/26<-->eth0:a.b.c.62/255[router]eth1:192.168.1.1/24<-->computers
..................................\-eth2:172.16.1.1/24<-->a.b.c.0/26

On the router there is a host route to a.b.c.61, while the a.b.c.0/26 network is routed to eth2. The default route is to a.b.c.61. The computers connected to the same network as the eth2-interface of the router have a host route to 172.16.1.1, as well as 172.16.1.1 as the default route. With this setup I can proxy arp for all addresses on the a.b.c.0/26 network on the eth0 interface, even addresses that do not have an interface anywhere. Thus I can DNAT for some of the addresses on the a.b.c.0/26 network, even if there is no interface anywhere configured with that ip-address.
In my testing I was trying things like:

192.168.12.0/24<-->eth0:192.168.12.1/24[router]eth1:10.200.150.1/24<-->computers

And then proxy arp for a computer on the 192.168.12.0/24-network on eth0. Which was impossible to get to work.
With a setup like:

192.168.12.0/24<-->eth0:192.168.12.1/24[router]eth1:10.200.150.1/24<-->192.168.12.10

and a host route to 192.168.12.10 on the router (and other necessary routes on 192.168.12.10 and the router to get things to work). With this setup I could proxy arp for 192.168.12.10 on eth0, but not for any other ip-address on the 192.168.12.0/24 network.
I'm still interested in ways to get Linux to answer and listen to ip-addresses other than the ones it has configured interfaces for. There are programs (e.g. tarpits) that do stuff like this, so it should not be impossible. Maybe some settings in /proc need to be changed?
/ep
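
The behaviour reported in this message, as an added Python model that is not code from the thread and not kernel code: a proxy ARP reply is sent only when the longest-prefix route to the requested address leaves through a different interface than the one the request arrived on. The function names are hypothetical, 203.0.113.0/26 is a constructed stand-in for a.b.c.0/26, and IP forwarding and the per-interface proxy_arp setting are assumed to be enabled.

```python
import ipaddress

def lookup(routes, target):
    """Longest-prefix match: return the output interface for target, or None."""
    ip = ipaddress.ip_address(target)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def proxy_arp_replies(routes, in_dev, target, proxy_arp=True):
    """Simplified model: reply only if the route to target exists and
    points out of an interface other than the one the request came in on."""
    out_dev = lookup(routes, target)
    return bool(proxy_arp and out_dev is not None and out_dev != in_dev)

# Constructed routing tables mirroring the three setups in the message.
WORKING = [                       # a.b.c.0/26 replaced by 203.0.113.0/26
    ("203.0.113.61/32", "eth0"),  # host route to the upstream gateway
    ("203.0.113.0/26", "eth2"),   # public /26 routed to the inside
    ("192.168.1.0/24", "eth1"),
    ("172.16.1.0/24", "eth2"),
    ("0.0.0.0/0", "eth0"),        # default route via the upstream gateway
]
FAILED_TEST = [                   # connected routes only
    ("192.168.12.0/24", "eth0"),
    ("10.200.150.0/24", "eth1"),
]
HOST_ROUTE_TEST = FAILED_TEST + [("192.168.12.10/32", "eth1")]

def demo():
    cases = [
        ("working", WORKING, "203.0.113.10"),
        ("working", WORKING, "203.0.113.61"),
        ("failed test", FAILED_TEST, "192.168.12.10"),
        ("host route", HOST_ROUTE_TEST, "192.168.12.10"),
        ("host route", HOST_ROUTE_TEST, "192.168.12.11"),
    ]
    for name, routes, ip in cases:
        verdict = "reply" if proxy_arp_replies(routes, "eth0", ip) else "silent"
        print(f"{name:12} ARP who-has {ip:15} on eth0 -> {verdict}")

if __name__ == "__main__":
    demo()
```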