Re: Proxy arping - Martijn Lievaart

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Martijn Lievaart <m@rtij.nl>
To: Andres Paglayan <andres@paglayan.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Proxy arping
Date: Thu, 03 May 2007 21:31:41 +0200	[thread overview]
Message-ID: <463A389D.8050206@rtij.nl> (raw)
In-Reply-To: <4BE2588D-6B2F-4D89-A5DC-149A048545D6@paglayan.com>

Andres Paglayan wrote:
> Hi,
>
> how can I  properly set proxy arping in a one to one mapped nat?
>
> I have a router with 192.168.1.0 in one side (our lan eth0) and 
> 192.168.50.0 in the other (other lan eth2),
> plus an internet gateway (eth3)
>
> this is the routing table
>
> root@ipcop:~/scripts # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    
> Use Iface
> 192.168.50.0    *               255.255.255.0   U     0      0        
> 0 eth2
> 192.168.2.0     *               255.255.255.0   U     0      0        
> 0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        
> 0 eth0
> 65.19.28.0      *               255.255.255.0   U     0      0        
> 0 eth3
> 172.22.0.0      *               255.255.254.0   U     0      0        
> 0 eth2
> 172.16.2.0      *               255.255.254.0   U     0      0        
> 0 eth2
> 172.16.0.0      *               255.255.254.0   U     0      0        
> 0 eth2
> default         65.19.28.1      0.0.0.0         UG    0      0        
> 0 eth3
>
>
> at the 50.0 side, I am routing traffic to other subnets as well, ie 
> 172.16.2.0/23
>
> For the applications we are running, instead of regular natting,
> I am using NETMAP target of iptables,
> which instead of making the packets as going out from 192.168.50.1
> they are mapped to addresses at 50.0/24
> i.e. when packet goes from 192.168.1.5 to 172.16.2.34 trasversing the 
> 192.168.50.1 device
> the router mangles it an makes it appear as going out from 
> 192.168.50.5 and then translates back
>
> everything goes fabulous, but I am having a problem with arping,
> arp questions addressed to 192.168.50.0/24 are not reaching my 
> router's device,
>
> I have been reading and experimenting with this a bunch,
> echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp (an to eth0)
> on the proper device is set, but still not proxy arping,
>
>
> is there anybody with experience on this proxy arp issue?

The usual way is to add static arp entries.

# (untested code)
for i in `seq 2 254` do
    arp -Ds 192.168.50.$i eth2 pub
done

HTH,
M4

next prev parent reply	other threads:[~2007-05-03 19:31 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-03 16:44 Proxy arping Andres Paglayan
2007-05-03 18:12 ` Jan Engelhardt
2007-05-03 19:31 ` Martijn Lievaart [this message]
2007-05-03 20:03   ` Jan Engelhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=463A389D.8050206@rtij.nl \
    --to=m@rtij.nl \
    --cc=andres@paglayan.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.