From: Vigneswaran R <vignesh@atc.tcs.com>
To: netfilter@vger.kernel.org
Cc: richard lucassen <mailinglists@lucassen.org>
Subject: Re: proxy_arp
Date: Mon, 28 Apr 2014 09:23:31 +0530
Message-ID: <535DD0BB.7050503@atc.tcs.com>
In-Reply-To: <20140425193531.55f41d258f184710b44487a2@lucassen.org>

On 04/25/2014 11:05 PM, richard lucassen wrote:
> Hello list,
>
> I have two identical Linux servers, two identical vanilla kernels
> (3.2.57). I start an arping on srv1 to the *external* ip of srv2 using
> the *internal* rfc1918 addressed NIC (eth2)
>
>            +------+                        +------+
>       eth0 |      | eth2              eth2 |      | eth0
> ip1a-------+ srv1 +--ip1b--<------>--ip2b--+ srv2 +--ip2a
>    outside |      | inside          inside |      | outside
>            +------+                        +------+
>
> arping using eth1 ^^ --via-> eth2 ^^ to this ip --^^^
>
> root@srv1# arping -I eth1 ip2a
> ARPING 213.34.90.190 from 172.31.255.249 eth2
> Unicast reply from 213.34.90.190 [00:15:17:F4:41:46] 0.891ms
> Unicast reply from 213.34.90.190 [00:15:17:F4:41:46] 0.799ms
> ^CSent 2 probes (1 broadcast(s))
> Received 2 response(s)
>
> No problem, it works as expected. The other way round however:
>
>            +------+                        +------+
>       eth0 |      | eth2              eth2 |      | eth0
> ip1a-------+ srv1 +--ip1b--<------>--ip2b--+ srv2 +--ip2a
>    outside |      | inside          inside |      | outside
>            +------+                        +------+
>
> ^^--<- arping to this ip <--via--- ^^ using eth2
>
> root@srv2# arping -I eth2 213.34.90.130
> ARPING 213.34.90.130 from 172.31.255.250 eth2
> ^CSent 15 probes (15 broadcast(s))
> Received 0 response(s)
>
> srv1 does NOT reply to arp requests, even if I add an:
>
> "arp -sD eth1 ip1a" (which is not necessary)
>
> I compared all sysctl settings, they are equal. ip_forward is set to 1
> on both machines. The srv1 has a large iptables rulebase, the srv2 just
> some simple rules. A tcpdump shows that srv1 receives the arp requests
> but is not willing to honour the arp requests of srv2.

It seems iptables rules will not affect ARP. By any chance, do you have
arptables or ebtables installed on srv1 which is causing the problem?

http://www.linuxcommand.org/man_pages/arptables8.html
http://ebtables.sourceforge.net/examples/basic.html#ex_config

Regards,
Vignesh

>
> The goal is proxy_arping (which unexpectedly did not work), and I
> found out that the machine srv1 even does not reply to arp requests of
> its own ip addresses.
>
> Any thoughts or hints on this matter?
>
> R.
>
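
The check suggested in the reply above, as an added example that is not part of the original thread: a small filter that reads an `arptables -L -n` or `ebtables -L` listing and reports every chain that could be discarding ARP. The function names and the sample listing are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reads an `arptables -L -n` or
# `ebtables -L` listing on stdin and prints one line for every chain that
# could be discarding ARP: policy other than ACCEPT, or at least one rule.
arp_filter_findings() {
    awk '
        # arptables header: "Chain INPUT (policy ACCEPT)"
        /^Chain / {
            chain = $2; pol = $4; sub(/\)$/, "", pol)
            policy[chain] = pol; order[++n] = chain; next
        }
        # ebtables header: "Bridge chain: INPUT, entries: 0, policy: ACCEPT"
        /^Bridge chain: / {
            chain = $3; sub(/,$/, "", chain)
            policy[chain] = $NF; order[++n] = chain; next
        }
        # Table banner and blank lines carry no rules.
        /^Bridge table:/ || /^[ \t]*$/ { next }
        # Anything else under a chain header is counted as a rule line.
        chain != "" { rules[chain]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (policy[c] != "ACCEPT" || rules[c] > 0)
                    printf "%s policy=%s rules=%d\n", c, policy[c], rules[c]
            }
        }
    '
}

# Constructed listing: one rule in INPUT and an empty OUTPUT chain.
sample_arptables_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
-j DROP -i eth2

Chain OUTPUT (policy ACCEPT)
EOF
}

sample_arptables_listing | arp_filter_findings
```

On the host that is not answering, run `arptables -L -n | arp_filter_findings` and `ebtables -L | arp_filter_findings` as root; empty output from both means neither tool has a rule or policy that would drop the requests.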