From: Chinh Nguyen <cnguyen@certicom.com>
To: netfilter@lists.netfilter.org
Subject: Automagic proxy arp?
Date: Wed, 22 Feb 2006 10:24:03 -0500
Message-ID: <43FC8213.2030606@certicom.com>

Hi,

I have a machine M that is 'walled' off from the rest of the local subnet
similar to this.

   .1             .2     .3        .4-.254
+-------+        +---------+
+   M   + ------ eth1 FW eth0 ---- local subnet
+-------+        +---------+

With ip_forward on and using standard forward rules on FW (e.g., -A FORWARD
--in-interface eth1 -j ACCEPT, -A FORWARD --in-interface eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT), M can reach the local subnet.

However, I need to add a routing entry in M to send all local traffic to FW.
Otherwise, M will attempt to arp the destination as they are all on the same
subnet.

The Linux arp man page claims that Linux will "automagic proxy arp when a route
exists and it is forwarding".

Does anyone know how to set up iptables on FW to enable this "automagic"?

I've also tried using explicit forward rules such as "--in eth1 -d !.1 -j
ACCEPT", "--in eth1 -d .4 -j ACCEPT, --in eth1 -d .5 -j ACCEPT, etc." to no effect.

Thanks.