[LARTC] Proxy ARP considered harmful. :)

Linux Advanced Routing and Traffic Control

On Sun, Feb 24, 2002 at 09:06:24PM +0100, Ard van Breemen wrote:
> On Fri, Feb 22, 2002 at 11:11:44PM -0500, Adrian Chung wrote:
> > I've got a DSL modem that bridges ethernet between three boxes here,
> > and everything else on the same subnet at the ISP side.
> > 
> > With the three boxes plugged into a hub, with the DSL modem, I can't
> > do aggregate bandwidth shaping, because there's no way for one box to
> > know in relation to the other three how much bandwidth it's using.
> > 
> > I decided to use proxy-arp, and put two of the boxes behind a 2.4 box
> > doing shaping:
> > 
> >    .225 \
> >            -- .224 -- DSL Modem -- ISP (.252)
> >    .226 /
> > 
> > And, following the HOWTO, proceeded to turn proxy_arp on for the left
> > and right interface on .224 which both had IP address .224.
> > 
> > I set the routes up so that .225/6 went to the left, and .128/25 went
> > to the right.
> > 
> > Everything seemed to work fine.
> > 
> > Except that my box started to answer ARP requests from and for
> > everything on the ISP's .128/25 subnet.  So it caused lots of havoc.
> Ehhh, so you did not set up a default gateway at .225 and .226.
> That's your problem.

.226 and .225 have a default gateway set, and they resolve its MAC
address fine (as .224's left-hand iface).

So that's not my problem.

Plus, as I explained, it's not .226 and .225 getting to machines on
the .128/25 subnet that's the problem, it's the fact that .128/25
can't seem to see .226 and .225.

> > The HOWTO assumes that you have a router of some sort between the
> > proxy ARP box and the ISP, so that ARP requests never traverse the
> > router.
> Yep and no. It assumes you have a default gateway, which usually is a
> local router, but it can also be the router of the ISP. So your problem
> is .225, and .226 not arping for the ISP address.  There is nothing
> wrong with the remainder of your setup.

They ARP successfully for it, but for some reason the ISP machines on
.128/25 won't ARP for .225 or .226...  But they do for a short period
of time if I send an unsolicited ARP request/reply to them.

After about 3 minutes, they stop responding once again, and I never
see ARP requests/replies from them for .225 or .226.

It's strange.

> > In my case, since it's a bridge, everything goes.
> Yes, and in the normal situation you would have .252 as a default gateway.

Which I do, on both .225, .226 and .224.  And proper routes on .224
pointing .226 and .225 left, and .252, .128/25 right.

I'm not sure what ARP requests I was answering for, because I didn't
see the ARP cache.  But apparently there were 30-40 ARP entries at the
ISP router end that all had my MAC address attached.

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[toad.enfusion-group.com] up 1 day, 3:26, 11 users
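
An added example, not part of the original thread: the symptom described above (30-40 ARP entries at the ISP router all carrying one MAC) can be checked on a host or router on the bridged segment by grouping its neighbour table by MAC and flagging addresses a proxy ARP box is not meant to answer for. The addresses, MACs and the `parse_neigh`/`audit` helpers are constructed for illustration; 192.0.2.128/25 stands in for the ISP's .128/25.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `ip neigh show` format (not captured from the thread).
# 192.0.2.128/25 stands in for the ISP's .128/25 and aa:aa:aa:aa:aa:24 for the
# ISP-facing interface of the proxy ARP box (.224). All values are assumptions.
SAMPLE_NEIGH = """\
192.0.2.224 dev eth0 lladdr aa:aa:aa:aa:aa:24 REACHABLE
192.0.2.225 dev eth0 lladdr aa:aa:aa:aa:aa:24 REACHABLE
192.0.2.226 dev eth0 lladdr aa:aa:aa:aa:aa:24 STALE
192.0.2.130 dev eth0 lladdr aa:aa:aa:aa:aa:24 STALE
192.0.2.131 dev eth0 lladdr aa:aa:aa:aa:aa:24 REACHABLE
192.0.2.140 dev eth0 lladdr bb:bb:bb:bb:bb:40 REACHABLE
192.0.2.141 dev eth0 FAILED
198.51.100.9 dev eth1 lladdr aa:aa:aa:aa:aa:24 REACHABLE
"""

def parse_neigh(text):
    """Yield (ip, mac) for neighbour entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries have no MAC to attribute
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip anything that is not an address line
        yield ip, fields[fields.index("lladdr") + 1].lower()

def audit(text, subnet, allowed):
    """Return {mac: [ips]} for MACs holding several subnet IPs beyond `allowed`.

    `allowed` maps a MAC to the IPs it may legitimately answer for, e.g. the
    proxy ARP box's own address plus the hosts it fronts.
    """
    net = ipaddress.ip_network(subnet)
    by_mac = defaultdict(set)
    for ip, mac in parse_neigh(text):
        if ip in net:
            by_mac[mac].add(ip)
    findings = {}
    for mac, ips in by_mac.items():
        ok = {ipaddress.ip_address(a) for a in allowed.get(mac, ())}
        extra = ips - ok
        if len(ips) > 1 and extra:  # one IP per MAC is the normal case
            findings[mac] = [str(ip) for ip in sorted(extra)]
    return findings

if __name__ == "__main__":
    proxy = {"aa:aa:aa:aa:aa:24": {"192.0.2.224", "192.0.2.225", "192.0.2.226"}}
    for mac, ips in audit(SAMPLE_NEIGH, "192.0.2.128/25", proxy).items():
        print(f"{mac} also answers for: {', '.join(ips)}")
```

On a live Linux host, the output of `ip neigh show` can be passed in place of `SAMPLE_NEIGH`.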


