[LARTC] proxy arp and routing

[LARTC] proxy arp and routing

[David Koski]

Hello,

Given the network map below, I am able to ping any ip on all networks from the
linux box.  However, from the cisco router, I cannot ping past eth1 on the linux
box.  The reverse is also true; I cannot ping past eth0 from a host on LAN. 
proxy-arp is enabled on the linux box and the route to a.b.c.0/24 is added to
the cisco router.  I haven't a clue why either way, I can only get to the far
side of the linux box but no further.

On second thought, maybe this is not an application for proxy-arp.  Your
thoughts are appreciated.

    T1 to ISP
        |
        | /30 net
        |
+----------------+
| cisco router   |
+----------------+
        | FastEthernet0/0
        | a.b.c.1/28
        |
 (possible switch/hub here in future)
 (ip range = a.b.c.1-15)
        |
        | a.b.c.2/28
        | eth0
+----------------+
|                |
|           eth1 |---a.b.c.16/24-public-net-----> LAN
|                |   (ip range = a.b.c.16-255)
| linux box      |
|           eth2 |---192.168.1.0/24-- *
|                | * (not revelant to discussion)
+----------------+

David Koski
david@KosmosIsland.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] proxy arp and routing

[David Koski]

I am not sure what you mean by that but ifconfig shows the correct
ip/netmask/broadcast for each ip.  Did I miss something?

David

On Fri, 1 Feb 2002 23:27:28 -0500
"Admin Nplus" <admin@nplus.ca> wrote:

> did you tell the linux box what ip is where on what side ?
> 
> ----- Original Message -----
> From: "David Koski" <david@kosmosisland.com>
> To: "LARTC" <lartc@mailman.ds9a.nl>
> Sent: Friday, February 01, 2002 5:41 PM
> Subject: [LARTC] proxy arp and routing
> 
> 
> > Hello,
> >
> > Given the network map below, I am able to ping any ip on all networks from
> the
> > linux box.  However, from the cisco router, I cannot ping past eth1 on the
> linux
> > box.  The reverse is also true; I cannot ping past eth0 from a host on
> LAN.
> > proxy-arp is enabled on the linux box and the route to a.b.c.0/24 is added
> to
> > the cisco router.  I haven't a clue why either way, I can only get to the
> far
> > side of the linux box but no further.
> >
> > On second thought, maybe this is not an application for proxy-arp.  Your
> > thoughts are appreciated.
> >
> >     T1 to ISP
> >         |
> >         | /30 net
> >         |
> > +----------------+
> > | cisco router   |
> > +----------------+
> >         | FastEthernet0/0
> >         | a.b.c.1/28
> >         |
> >  (possible switch/hub here in future)
> >  (ip range = a.b.c.1-15)
> >         |
> >         | a.b.c.2/28
> >         | eth0
> > +----------------+
> > |                |
> > |           eth1 |---a.b.c.16/24-public-net-----> LAN
> > |                |   (ip range = a.b.c.16-255)
> > | linux box      |
> > |           eth2 |---192.168.1.0/24-- *
> > |                | * (not revelant to discussion)
> > +----------------+
> >
> > David Koski
> > david@KosmosIsland.com
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
> >
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] proxy arp and routing

[David Koski]

On Sat, 2 Feb 2002 10:19:13 +0100
Leen Besselink <leen@wirehub.nl> wrote:

> * David Koski (david@kosmosisland.com) wrote:
> > I am not sure what you mean by that but ifconfig shows the correct
> > ip/netmask/broadcast for each ip.  Did I miss something?
> > 
> maybe you could show us the routing table(s) ?
> also did you turn on ip forwarding (/proc/sys/net/ipv4/ip_forward) ?

That would be tough because I had to revert back to get it back working. 
Currently, the public block is routed arround the linux box instead of through
it, just to keep it going.  But it looked just as I would expect given the
ifconfig and /etc/sysconfig/* settings.

I have a howto on an alternate method of proxy arp'ing.  It uses identical
assignments on eth0 and eth1 instead of using different netmasks.  But it uses
static routes.  Maybe I'll try that.  But I would still like to know why the
other did not work.  Is it possible that with the method I tried, proxy arp is
not necessary and only interferes?

David
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] proxy arp and routing

[David Koski]

Sorry, yes.  forwarding is enabled.

David

On Sat, 2 Feb 2002 13:36:23 -0500
"Admin Nplus" <admin@nplus.ca> wrote:

> does ipforwarding is enabled ?
> =1 ?
> 
> ----- Original Message -----
> From: "David Koski" <david@kosmosisland.com>
> To: "LARTC" <lartc@mailman.ds9a.nl>
> Sent: Saturday, February 02, 2002 12:13 AM
> Subject: Re: [LARTC] proxy arp and routing
> 
> 
> > I am not sure what you mean by that but ifconfig shows the correct
> > ip/netmask/broadcast for each ip.  Did I miss something?
> >
> > David
> >
> > On Fri, 1 Feb 2002 23:27:28 -0500
> > "Admin Nplus" <admin@nplus.ca> wrote:
> >
> > > did you tell the linux box what ip is where on what side ?
> > >
> > > ----- Original Message -----
> > > From: "David Koski" <david@kosmosisland.com>
> > > To: "LARTC" <lartc@mailman.ds9a.nl>
> > > Sent: Friday, February 01, 2002 5:41 PM
> > > Subject: [LARTC] proxy arp and routing
> > >
> > >
> > > > Hello,
> > > >
> > > > Given the network map below, I am able to ping any ip on all networks
> from
> > > the
> > > > linux box.  However, from the cisco router, I cannot ping past eth1 on
> the
> > > linux
> > > > box.  The reverse is also true; I cannot ping past eth0 from a host on
> > > LAN.
> > > > proxy-arp is enabled on the linux box and the route to a.b.c.0/24 is
> added
> > > to
> > > > the cisco router.  I haven't a clue why either way, I can only get to
> the
> > > far
> > > > side of the linux box but no further.
> > > >
> > > > On second thought, maybe this is not an application for proxy-arp.
> Your
> > > > thoughts are appreciated.
> > > >
> > > >     T1 to ISP
> > > >         |
> > > >         | /30 net
> > > >         |
> > > > +----------------+
> > > > | cisco router   |
> > > > +----------------+
> > > >         | FastEthernet0/0
> > > >         | a.b.c.1/28
> > > >         |
> > > >  (possible switch/hub here in future)
> > > >  (ip range = a.b.c.1-15)
> > > >         |
> > > >         | a.b.c.2/28
> > > >         | eth0
> > > > +----------------+
> > > > |                |
> > > > |           eth1 |---a.b.c.16/24-public-net-----> LAN
> > > > |                |   (ip range = a.b.c.16-255)
> > > > | linux box      |
> > > > |           eth2 |---192.168.1.0/24-- *
> > > > |                | * (not revelant to discussion)
> > > > +----------------+
> > > >
> > > > David Koski
> > > > david@KosmosIsland.com
> > > > _______________________________________________
> > > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/lartc/
> > > >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
> >
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] proxy arp and routing

[Ard van Breemen]

On Fri, Feb 01, 2002 at 02:41:49PM -0800, David Koski wrote:
> Given the network map below, I am able to ping any ip on all networks from the
> linux box.  However, from the cisco router, I cannot ping past eth1 on the linux
> box.  The reverse is also true; I cannot ping past eth0 from a host on LAN. 
> proxy-arp is enabled on the linux box and the route to a.b.c.0/24 is added to
> the cisco router.  I haven't a clue why either way, I can only get to the far
> side of the linux box but no further.
I do not care about your ascii art, just about the following:
ip route show
/proc/sys/net/ipv4/conf/eth[012]/proxy_arp
/proc/sys/net/ipv4/conf/eth[012]/rp_filter
/proc/sys/net/ipv4/ip_forward
1) proxy_arp must be set to 1
2) rp_filter: you might start with 0
3) ip_forward should be set to 1
4) all routes must be sane:
ip route add a.b.c.0/28 dev eth0
ip route add a.b.c.0/24 dev eth1
ip route add 192.168.1.0 dev eth2
ip route add default via a.b.c.1

Then you should be able to arp-ping the whole world from anywhere inside
your network.

-- 
<ard@telegraafnet.nl> Telegraaf Elektronische Media  http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html 
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] proxy arp and routing

[David Koski]

On Mon, 4 Feb 2002 15:59:44 +0100
Ard van Breemen <ard@telegraafnet.nl> wrote:

> On Fri, Feb 01, 2002 at 02:41:49PM -0800, David Koski wrote:
> > Given the network map below, I am able to ping any ip on all networks from
the
> > linux box.  However, from the cisco router, I cannot ping past eth1 on the
linux
> > box.  The reverse is also true; I cannot ping past eth0 from a host on LAN. 
> > proxy-arp is enabled on the linux box and the route to a.b.c.0/24 is added
to
> > the cisco router.  I haven't a clue why either way, I can only get to the
far
> > side of the linux box but no further.

> I do not care about your ascii art, just about the following:
> ip route show
> /proc/sys/net/ipv4/conf/eth[012]/proxy_arp
> /proc/sys/net/ipv4/conf/eth[012]/rp_filter
> /proc/sys/net/ipv4/ip_forward
> 1) proxy_arp must be set to 1
> 2) rp_filter: you might start with 0
> 3) ip_forward should be set to 1
> 4) all routes must be sane:
> ip route add a.b.c.0/28 dev eth0
> ip route add a.b.c.0/24 dev eth1
> ip route add 192.168.1.0 dev eth2
> ip route add default via a.b.c.1
> 
> Then you should be able to arp-ping the whole world from anywhere inside
> your network.

You did not mention:

/proc/sys/net/ipv4/conf/eth[012]/forwarding

It is set to 1 also.  The only difference I have with your settings above is
rp_filter.  I'll change it to 0 and see what happens.  Since the settings were
reverted back and I don't have access to it right now, I cannot dump the routing
table.  But it was verified to be correct and consistant with the above
settings.

Thank you,
David Koski
david@KosmosIsland.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/