RE: Proxy ARP and UDP

Linux Advanced Routing and Traffic Control

As it turns out, not seeing proxy ARP traffic on the outside interface
has other consequences.  I do some traffic shaping and noticed in my
testing that the outbound traffic isn't being shaped.  This drove me
crazy until it suddenly dawned on me - tcpdump shows almost no traffic
on the outside interface even though a full H.323 UDP stream is flying
across the Internet to and from my proxy ARP'd device behind my
firewall.  I know lots of data is flying across both interfaces because
I can see the results.  Yet as far as any software is concerned, almost
nothing is going in or out of my outside interface.  

Is this a normal proxy ARP behavior?  Traffic is definitely flying
across both interfaces.  Why doesn't any software see traffic in and out
of the outside interface?  Should I try a newer kernel than 2.4.27?  

I guess I could shape the internal interface for anything routing across
to the Internet but it just makes more sense to shape the interface at
the boundary.  

Here is the network layout again:

10.10.10.0/27               1.2.3.0/27 
       10.10.10.n          (fictional public IP range)
     internal hosts 
           | 
<----+-----+--------+    +-------+------>to the Internet 
     |              |    |       | 
  Proxied           |    |       | 
H.323 device       Firewall      Router 
                  eth1   eth0 
1.2.3.11    10.10.10.1  1.2.3.2  1.2.3.1 
             1.2.3.2 

/proc/sys/net/ipv4/conf/eth0/proxy_arp is 1.  
/proc/sys/net/ipv4/conf/eth1/proxy_arp is 1. 

/proc/sys/net/ipv4/conf/eth0/rp_filter is 0.  
/proc/sys/net/ipv4/conf/eth1/rp_filter is 0.  

/proc/sys/net/ipv4/conf/ip_forward is 1.  

My firewall has a route to 1.2.3.11 dev eth1. 


- Greg Scott


-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx
[mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Greg Scott
Sent: Monday, February 20, 2006 8:52 PM
To: gypsy; lartc@xxxxxxxxxxxxxxx
Subject: RE:  Proxy ARP and UDP


Hmmmm - 

I turned off rp_filter (echo 0 > /proc/sys/net/ipv4/eth0/rp_filter - and
eth1) and ran several test calls.  It all worked.  But I still don't
understand why I see less than 1 percent of the packets on the eth0
interface with tcpdump.  

- Greg


> but I bet the problem is rp_filter.
> --
> gypsy
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc