* [LARTC] Does anyone have a working proxyARP setup?
@ 2004-10-09 4:41 gypsy
2004-10-09 8:05 ` Martin Volf
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: gypsy @ 2004-10-09 4:41 UTC (permalink / raw)
To: lartc
If you have a working proxyARP setup, will you please post it?
I've tried to insert a Linux box between the DSL connection and the
switch, but I'm getting nowhere. Everything works correctly when all
the servers in this network use the switch to get to the DSL. Any box
directly connected to the DSL also works correctly.
http://www.sjdjweis.com/linux/proxyarp/
makes it sound easy, but none of the machines except the new one can get
out when I set this up. From any computer except the intended proxyARP
box, 'traceroute -n ANYTHING' stops after the first hop (.96) succeeds;
'ping .97' fails. I don't know (or care yet) if anything gets in.
(I really have a /29 network, but for consistency I'm showing a /28):
gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask
255.255.255.240
gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask
255.255.255.240
gypsy> route add default gw x.x.x.97 metric 1
Weis> # interface definitions
Weis> BAD_IFACE=eth0
Weis>
Weis> DMZ_IFACE=eth1
Weis> DMZ_ADDR=x.x.x.96/28
Weis>
Weis> ip route del x.x.x.96/28 dev $BAD_IFACE
Weis> ip route del x.x.x.96/28 dev $DMZ_IFACE
Weis> ip route add x.x.x.97 dev $BAD_IFACE
Weis> ip route add x.x.x.96/28 dev $DMZ_IFACE
Weis>
Weis> # we need proxy arp for the dmz network
Weis> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Weis> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Weis>
Weis> # turn on ip forwarding
Weis> echo 1 > /proc/sys/net/ipv4/ip_forward
The kernel is 2.4.26, iproute2 is 2-2.6.8
--
Call me stumped,
gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [LARTC] Does anyone have a working proxyARP setup?
2004-10-09 4:41 [LARTC] Does anyone have a working proxyARP setup? gypsy
@ 2004-10-09 8:05 ` Martin Volf
2004-10-09 17:46 ` gypsy
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Martin Volf @ 2004-10-09 8:05 UTC (permalink / raw)
To: lartc
gypsy wrote:
...
> gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask
> 255.255.255.240
> gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask
> 255.255.255.240
...
I think you can't use x.x.x.96 here, because it is the address of your network
x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same
ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255'
on one of them.
As far as the question in the subject is concerned, yes, I have.
--
Martin
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [LARTC] Does anyone have a working proxyARP setup?
2004-10-09 4:41 [LARTC] Does anyone have a working proxyARP setup? gypsy
2004-10-09 8:05 ` Martin Volf
@ 2004-10-09 17:46 ` gypsy
2004-10-12 13:33 ` gypsy
2004-10-12 16:55 ` Martin Volf
3 siblings, 0 replies; 5+ messages in thread
From: gypsy @ 2004-10-09 17:46 UTC (permalink / raw)
To: lartc
Martin Volf wrote:
>
> gypsy wrote:
> ...
> > gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask
> > 255.255.255.240
> > gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask
> > 255.255.255.240
>
> I think you can't use x.x.x.96 here, because it is the address of your network
> x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same
> ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255'
> on one of them.
> --
> Martin
I have tried all IPs in the range, but I have not tried different
netmasks. Thanks for that tip.
Could you please post the output of 'route -n', 'ip route' and 'ip neigh
show' as well as any 'ip route [add|del|*]' commands you run?
I really believe that either the kernel thinks there are spoofed IPs or
- most likely - that my routing table is junk.
Here is a quote from http://www.sjdjweis.com/linux/proxyarp/ which is
why I set both the same:
> After you have the above steps done, you will need to configure your network cards. This step should be done off of the
> network since you may end up with some conflicting addresses. Give two NIC's identical IP addresses, subnet masks, and
> gateways. The IP you choose needs to be an unused address on your network. In my case, I used x.x.x.98, since my router is
> at x.x.x.97. You could actually use about any address on the wire that isn't in use.
gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] Does anyone have a working proxyARP setup?
2004-10-09 4:41 [LARTC] Does anyone have a working proxyARP setup? gypsy
2004-10-09 8:05 ` Martin Volf
2004-10-09 17:46 ` gypsy
@ 2004-10-12 13:33 ` gypsy
2004-10-12 16:55 ` Martin Volf
3 siblings, 0 replies; 5+ messages in thread
From: gypsy @ 2004-10-12 13:33 UTC (permalink / raw)
To: lartc
gypsy wrote:
>
> Martin Volf wrote:
> > I think you can't use x.x.x.96 here, because it is the address of your network
> > x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same
> > ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255'
> > on one of them.
>
> Could you please post the output of 'route -n', 'ip route' and 'ip neigh
> show' as well as any 'ip route [add|del|*]' commands you run?
I guess not. Martin, is there some reason you do not wish to post these
things?
gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] Does anyone have a working proxyARP setup?
2004-10-09 4:41 [LARTC] Does anyone have a working proxyARP setup? gypsy
` (2 preceding siblings ...)
2004-10-12 13:33 ` gypsy
@ 2004-10-12 16:55 ` Martin Volf
3 siblings, 0 replies; 5+ messages in thread
From: Martin Volf @ 2004-10-12 16:55 UTC (permalink / raw)
To: lartc
gypsy wrote:
>>Could you please post the output of 'route -n', 'ip route' and 'ip neigh
>>show' as well as any 'ip route [add|del|*]' commands you run?
>
> I guess not. Martin, is there some reason you do not wish to post these
> things?
Hello,
sorry for the delay. I have used something like this:
router:
ifconfig eth0 172.16.7.42 netmask 255.255.255.0 broadcast 172.16.7.255
route add default gw 172.16.7.1
ifconfig eth1 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig eth2 192.168.1.1 netmask 255.255.255.255 -broadcast
route add -host 192.168.1.17 device eth2
route add -host 192.168.1.18 device eth2
route add -host 192.168.1.19 device eth2
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp
The network 192.168.1.0/24 is divided into two parts, ip addresses
192.168.1.17, .18, .19 are connected to eth2, other ip addresses to eth1.
192.168.1.17:
ifconfig eth0 192.168.1.17 netmask 255.255.255.0 broadcast 192.168.1.255
route add default gw 192.168.1.1
traceroute from 192.168.1.17 do 192.168.1.2:
1 192.168.1.1 1.08 ms 0.73 ms 0.723 ms
2 192.168.1.2 0.85 ms 0.77 ms 0.715 ms
"arp -an" at 192.168.1.17:
? (192.168.1.1) at 00:00:B4:9F:A4:58 [ether] on eth0
? (192.168.1.2) at 00:00:B4:9F:A4:58 [ether] on eth0
(note the same MAC address)
HTH,
--
Martin
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-10-12 16:55 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-09 4:41 [LARTC] Does anyone have a working proxyARP setup? gypsy
2004-10-09 8:05 ` Martin Volf
2004-10-09 17:46 ` gypsy
2004-10-12 13:33 ` gypsy
2004-10-12 16:55 ` Martin Volf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.