Re: Problem with proxy arp in debian sarge kernel 2.6.x

To: Conny Brunnkvist <conny@fuchsia.se>
Cc: debian-isp@lists.debian.org
Subject: Re: Problem with proxy arp in debian sarge kernel 2.6.x
From: Erik Persson <erikp@djingis.se>
Date: Tue, 14 Mar 2006 21:05:15 +0100
Message-id: <[🔎] 441721FB.1020501@djingis.se>
In-reply-to: <[🔎] 4416FB8F.9010008@fuchsia.se>
References: <[🔎] 4411CB3F.7090405@djingis.se> <[🔎] 4416FB8F.9010008@fuchsia.se>

Conny Brunnkvist wrote:

Erik Persson skrev:

When I did some "preproduction" testing of the new router I noticed that
proxy arp didn't function, and I can't figure out why. I have tested
proxy arp on 2 different machined running debian sarge and kernel 2.6.x,
but it does not work on any of them.



For starters - you didn't do your testing on the same physical network
link as the "current" router, did you?

...I mean, just to exclude the risk that there's some ARP-cache out
there deceiving you.

//conny


I've solved the problem.

Linux does only proxy arp for ip-addresses it has a direct(?) route to,and, as far as I tested with the standard kernel settings, does notproxy arp for ip-addresses that ackording to the routing table should berouted back to the same interface the arp-request originated from (well,it really seems reasonble).


The setup for the functioning network was:
a.b.c.61/26<-->eth0:a.b.c.62/255[router]eth1:192.168.1.1/24<-->computers
..................................\-eth2:172.16.1.1/24<-->a.b.c.0/26

On the router there is a host route to a.b.c.61, while the a.b.c.0/26network is routed to eth2. default route to a.b.c.61.The computers connected to the same netwok as the eth2-interface of therouter have a host route to 172.16.1.1, as well as 172.16.1.1 as thedefault route.With this setup I can proxy arp for all addresses on the a.b.c.0/26network on the eth0 interface, even addresses that does not have aninterface anywhere. Thus I can DNAT for some of addresses on thea.b.c.0/26 network, even if there is no interface anywhere configuredwith that ip-address.


In my testing I was trying things like:
192.168.12.0/24<-->eth0:192.168.12.1/24[router]eth1:10.200.150.1/24<-->computers

And then proxy arp for a computer on the 192.168.12.0/24-network oneth0. Which was impossible to get to work.

With a setup like:
192.168.12.0/24<-->eth0:192.168.12.1/24[router]eth1:10.200.150.1/24<-->192.168.12.10

and a host route to 192.168.12.10 on the router (and other necessaryroutes on 192.168.12.10 and the router to get things to work).With this setup I could proxy arp for 192.168.12.10 on eth0, but not forany other ip-address on the 192.168.12.0/24 network.

I'm still interested in ways to get linux to answer and listen toip-addresses other than the ones it has configured interfaces for.There are programs (ex tarpits) that do stuff like this, so it shouldnot be impossible. Maybe some settings in /proc need to be changed?

/ep

Reply to:

Follow-Ups:
- Re: Problem with proxy arp in debian sarge kernel 2.6.x
  - From: Conny Brunnkvist <conny@fuchsia.se>

References:
- Problem with proxy arp in debian sarge kernel 2.6.x
  - From: Erik Persson <erikp@djingis.se>
- Re: Problem with proxy arp in debian sarge kernel 2.6.x
  - From: Conny Brunnkvist <conny@fuchsia.se>

Prev by Date: Re: Problem with proxy arp in debian sarge kernel 2.6.x
Next by Date: Re: Problem with proxy arp in debian sarge kernel 2.6.x
Previous by thread: Re: Problem with proxy arp in debian sarge kernel 2.6.x
Next by thread: Re: Problem with proxy arp in debian sarge kernel 2.6.x
Index(es):
- Date
- Thread