Alright, given that proxy arp is set up and working correctly, what kind of
IPTable rules would I need to route these packets back and forth? My setup
would be similar to your first diagram, just a router taking care of the
internet connection.

When I was using IP Aliases, I would use a static rule for each external IP
address. i.e.:

${IPTABLES} -t nat -A POSTROUTING -s 192.168.0.37 -o eth1 -j SNAT --to-source 207.102.201.189

I've tried the above rule with Proxy ARP enabled (no IP aliases), with no
success. Would it be a similar PREROUTING rule, not a post routing?

Thanks again for your help.

At 11:44 AM 1/6/01 +0000, you wrote:
>Mike Benoit wrote:
>
> > I'm pretty much shooting in the dark here, and I'm not even sure if I fully
> > understand this entire concept with proxy arp.
>
>OK; here's a brief guide to the "auto proxy-ARP" feature:
>
>Suppose that:
>
>1. You have a setup like this which works (this assumes a class C, but
>it could be any size):
>
>  Internet
>     |
> +---+----+   +-------+   +-------+   +-------+   +-------+
> | Router |   | Host  |   | Host  |   | Host  |   | Host  |
> +---+----+   +---+---+   +---+---+   +---+---+   +---+---+
>     |.1          |.101       |.102       |.201       |.202
>  ---+------------+-----------+-----------+-----------+------ Ethernet
>
>The routing tables would look like:
>
>    route add -net x.x.x.0 netmask 255.255.255.0 dev eth0
>    route add default gw x.x.x.1    # for the hosts, or ...
>    route add default dev ppp0      # ... for the router (.1)
>
>2. You want to split it into multiple segments, e.g.
>
>  Internet
>     |
> +---+----+   +-------+   +-------+   +--------+   +-------+   +-------+
> | Router |   | Host  |   | Host  |   | Router |   | Host  |   | Host  |
> +---+----+   +---+---+   +---+---+   +-+---+--+   +---+---+   +---+---+
>     |.1          |.101       |.102 .199|   |.200      |.201       |.202
>  ---+------------+-----------+---------+
>                                            +----------+-----------+------ Ethernet
>
>but you want the 199/200 router to be "transparent", i.e. all systems
>apart from 199/200 (including .1) remain configured for a single
>segment.
>
>NB: it doesn't make any difference if there aren't any hosts between
>the two routers (e.g. 101, 102 above are absent); this is quite
>common.
>
>If 199/200 is configured for auto proxy-ARP on both NICs, then:
>
>1. Any ARP request for 200-254 which is seen on 199 will be answered
>from 199 with 199's MAC address.
>
>2. Any ARP request for 1-199 which is seen on 200 will be answered
>from 200 with 200's MAC address.
>
>The remaining 2 cases are a consequence of the network topology and
>the protocols involved (i.e. you can't change it centrally):
>
>3. Any ARP request for 200-254 which is seen on 200 will be answered
>from the host having that IP address with its own MAC address.
>
>4. Any ARP request for 1-199 which is seen on 199 will be answered
>from the host having that IP address with its own MAC address.
>
>NB: The router's ARP cache is still going to contain the same
>IP/MAC/NIC values that it always would; it wouldn't be able to send
>packets without this data. The auto proxy-ARP feature doesn't require
>any cache entries; all of the values can be deduced from the NICs
>configuration and the routing tables.
>
>--
>Glynn Clements <glynn@sensei.co.uk>
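
The four ARP cases in the quoted guide, as an added example that is not part of the original thread: a simplified model of how the 199/200 router can decide from its NIC addresses and routing table alone whether to proxy-reply. The prefix 192.0.2. (standing in for x.x.x.), the NIC names eth0/eth1 and the routes are assumptions made for illustration.

```python
import ipaddress

NET = "192.0.2."  # constructed documentation prefix standing in for x.x.x.

# Assumed NIC layout of the 199/200 router: eth0 faces .1-.199, eth1 faces .200-.254.
LOCAL = {"eth0": ipaddress.ip_address(NET + "199"),
         "eth1": ipaddress.ip_address(NET + "200")}


def build_routes():
    """Assumed routing table of the 199/200 router as (network, outgoing NIC)."""
    far = ipaddress.summarize_address_range(
        ipaddress.ip_address(NET + "200"), ipaddress.ip_address(NET + "254"))
    routes = [(net, "eth1") for net in far]          # .200-.254 as CIDR blocks
    routes.append((ipaddress.ip_network(NET + "0/24"), "eth0"))  # everything else
    return routes


def route_lookup(routes, target):
    """Longest-prefix match; returns the outgoing NIC or None."""
    matches = [(net, nic) for net, nic in routes if target in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def arp_answer(routes, in_nic, target):
    """What the router does with an ARP request for `target` seen on `in_nic`."""
    target = ipaddress.ip_address(target)
    if target == LOCAL[in_nic]:
        return "own"      # request for the receiving NIC's own address
    out_nic = route_lookup(routes, target)
    if out_nic is None or out_nic == in_nic:
        return "none"     # cases 3 and 4: the real host (if any) answers
    return "proxy"        # cases 1 and 2: reply with in_nic's MAC address


if __name__ == "__main__":
    routes = build_routes()
    for nic, last in [("eth0", "201"), ("eth1", "1"), ("eth1", "201"), ("eth0", "101")]:
        print(nic, NET + last, arp_answer(routes, nic, NET + last))
```

A host that sees the same IP address resolve to the router's MAC on one segment and to the host's own MAC on the other is the expected result of this setup, which is worth knowing when reading ARP tables or ARP-monitoring alerts on such a network.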