RE: Proxy-ARP

Linux Advanced Routing and Traffic Control

-----Original Message-----
From: Martin A. Brown
<snip>
Let me note a few things.  First, you need only send a mail to the list,
not the individual subscribers.
</snip>
Eager beaver. My apologies if I transgressed.

<snip>
This means that you are assigning the same IP to two different ethernet
interfaces on the same media segment.  That's not strictly forbidden, but
unless you take some other steps, the machines on the ethernet will get
one MAC address for 10.0.1.4 on some ARP requests, and the other MAC
address for other requests.  That's not quite deterministic, so your
networking will break.
</snip>
True. This is my intent. My LAN will get the MAC address of eth1 for
10.0.1.4 while my router will get the MAC address of eth1 for the same IP.
This is how it is physically arranged.

<snip>
If you are intending to break the network into two pieces, you have not
done so here.  You should make routes for the IPs which are reachable on
each ethernet.  For example:

# ip route del 10.0.1.0/24 dev eth1
# ip route add 10.0.1.1 dev eth0
# ip route add default via 10.0.1.1

 : #ip ro del 10.0.1.0/24 via 10.0.1.4 dev eth0
 : RTNETLINK answers: No such process

That's because there is no such route....hence the answer is "RTNETLINK
answers: No such process"  I'd suggest re-reading the iproute2 command
reference to understand the use of the keyword "via".  You are not using
the right keyword, or not understanding what you are asking of the kernel,
here.

 : #ip ro add 10.0.1.1/24 via 10.0.1.4 dev eth0
</snip>

I got my answer. Thanks. I guess I should have used "ip ro del 10.0.1.0/24
dev eth0". I used via as the scope link src was there. I wanted to get rid
of the generic route for 10.0.1.0/24 via eth0 and replace it with a route
for just 1 ip 10.0.1.1 (my router's ip) via eth0. Thus all packets meant for
my LAN will go thro' eth1 while those meant for the router will go thro'
eth0. I think I need to do a few more runs of the iproute2 doc to understand
syntax pretty well.

I was trying this so that I could use iptables for firewalling and
tc/cbq/htb for bandwidth shaping out of my LAN without reconfiguring any
gateway IPs on nodes. I was given to understand that a pure bridge will work
with iptables. Further reading has enlightened me on that too. Looks like
the bridging code now interfaces with iptables.

Thanks for the help.

Mohan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
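
The route change discussed in this message, as an added example that is not part of the original mail or of iproute2: a toy Python model of a routing table showing why a delete carrying a non-matching "via" is answered with "No such process", and how the /32 host route for the router splits traffic between eth0 and eth1. The class RouteTable, the helper functions and the LAN host 10.0.1.20 are assumptions made for illustration.

```python
import ipaddress

class RouteTable:
    """Toy FIB holding (prefix, dev, via) entries. Illustrative model only."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, dev, via=None):
        self.routes.append((ipaddress.ip_network(prefix), dev, via))

    def delete(self, prefix, dev=None, via=None):
        # A delete must match the prefix and every attribute the caller
        # supplied. A connected route has no gateway, so giving "via"
        # matches nothing and the request fails (ESRCH in the kernel).
        net = ipaddress.ip_network(prefix)
        for route in self.routes:
            if route[0] == net and dev in (None, route[1]) and via in (None, route[2]):
                self.routes.remove(route)
                return "ok"
        return "RTNETLINK answers: No such process"

    def lookup(self, dst):
        # Longest-prefix match: the most specific covering route wins.
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        if not hits:
            return None
        return max(hits, key=lambda r: r[0].prefixlen)[1]

def build_initial():
    # 10.0.1.4/24 configured on both NICs gives two connected /24 routes.
    table = RouteTable()
    table.add("10.0.1.0/24", "eth0")
    table.add("10.0.1.0/24", "eth1")
    return table

def split_segments(table):
    results = []
    # The attempt from the thread: "via" on a route that has no gateway.
    results.append(table.delete("10.0.1.0/24", dev="eth0", via="10.0.1.4"))
    # The corrected delete: prefix and device only.
    results.append(table.delete("10.0.1.0/24", dev="eth0"))
    table.add("10.0.1.1/32", "eth0")                 # router only, via eth0
    table.add("0.0.0.0/0", "eth0", via="10.0.1.1")   # default via the router
    return results

if __name__ == "__main__":
    t = build_initial()
    print(split_segments(t))
    for dst in ("10.0.1.1", "10.0.1.20", "192.0.2.1"):
        print(dst, "->", t.lookup(dst))
```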
