On Sat, 2002-02-23 at 12:49, Adrian Chung wrote:
> Hi, I have the following setup:
>
>  Cable Modem (24.x.y.z)
>       |
> x.y.z.225 -+  +-----------------------
>            |--|x.y.z.224 -- x.y.z.224|-- x.y.z.0/25
> x.y.z.226 -+  +----------------------+

The magic secret of proxy ARP is that Linux will only proxy if there is
a route to the desired IP address that does not go out the same
interface. So, if you have netmasks set to /24 in your setup, it will
not work. You should probably set the right iface as
x.y.z.<something less than 127>/25 and the left as x.y.z.224/25. Proxy
ARP should then work correctly, and without you having to redo the hack
every time a host is added to the left network.

If you really can't afford to burn another address, set the right iface
to x.y.z.224/32 and add a route to x.y.z.0/25. The goal is to ensure
that the scope of routes over the two interfaces do not overlap.

>
> I'm trying to build a pseudo-bridge where .225 and .226 are reachable
> from x.y.z.0/25 and x.y.z.0/25 is reachable from both .225, and .226.
>
> I switched on proxy_arp on the left hand interface, and originally
> attempted to switch proxy_arp on on the right hand interface too.
> This setup worked, but .224 answered ARP queries for all kinds of
> things, not just .225, and .226. It answered for most of the machines
> in the x.y.z.0/25 subnet.
>
> So, I've switched proxy_arp on the right hand ISP facing interface
> off, but I still want to advertise ARP entries for .224 and .225.
>
> .225 and .226 successfully resolve everything in x.y.z.0/25 to the HW
> address of .224's left interface. But for the other way, ISP subnet
> machines finding .225, and .226:
>
> I thought that if I added:
>
>   arp -Ds x.y.z.225 <right-IF> pub
>
> That .224 would answer ARP queries for .225 with the HW address of the
> right hand interface.
>
> It looks like it doesn't answer at all. However, if I do an
> unsolicited arp by first:
>
>   ip addr add x.y.z.225 dev <right-IF>
>   arping -U -s x.y.z.225 -I <right-IF> <ISP-subnet machine>
>   ip addr del x.y.z.225 dev <right-IF>
>
> I can successfully talk to ISP-subnet machine for a short duration
> after which point, I assume the ARP entry expires, and they can no
> longer resolve .225 and .226's HW addresses.
>
> Any ideas?
>
> I'm running 2.4.16 with Julian Anastasov's dead-gateway-detection
> patches.
>
> --
> Adrian Chung (adrian at enfusion-group dot com)
> http://www.enfusion-group.com/~adrian
> GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
> [toad.enfusion-group.com] up 1:18, 7 users, load average: 0.00
>
> -
> : send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-- 
Casey Carter
Casey@Carter.net
ccarter@uiuc.edu
AIM: cartec69
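
The routing rule described in the reply above, as an added example that is not part of the original thread and is not kernel code: a simplified Python model of the "proxy only if the route leaves by a different interface" decision, run against overlapping /24 routes and the suggested /25 split. The 192.0.2.x addresses (standing in for x.y.z), the interface names `left` and `right`, and the first-route-wins tie-break are assumptions.

```python
import ipaddress

def lookup(routes, ip):
    """Longest-prefix match over (prefix, dev) pairs.
    Assumption: on equal prefix length the earliest route wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def would_proxy(routes, in_dev, target_ip):
    """Answer an ARP request seen on in_dev only when a route to the
    target exists and points out a different interface."""
    out_dev = lookup(routes, target_ip)
    return out_dev is not None and out_dev != in_dev

# Constructed routing tables; 192.0.2.0/24 stands in for x.y.z.0/24.
OVERLAP_LEFT_FIRST = [("192.0.2.0/24", "left"), ("192.0.2.0/24", "right")]
OVERLAP_RIGHT_FIRST = [("192.0.2.0/24", "right"), ("192.0.2.0/24", "left")]
SPLIT = [("192.0.2.128/25", "left"), ("192.0.2.0/25", "right")]

# (interface the ARP request arrives on, address being asked for)
QUERIES = [
    ("right", "192.0.2.225"),  # ISP side asks for a left-side host
    ("right", "192.0.2.10"),   # ISP side asks for an ISP-side host
    ("left", "192.0.2.10"),    # left side asks for an ISP-side host
    ("left", "192.0.2.226"),   # left side asks for a left-side host
]

def decisions(routes):
    """Proxy decision for each query, in QUERIES order."""
    return [would_proxy(routes, dev, ip) for dev, ip in QUERIES]

if __name__ == "__main__":
    for name, table in [("overlap, left first", OVERLAP_LEFT_FIRST),
                        ("overlap, right first", OVERLAP_RIGHT_FIRST),
                        ("/25 split", SPLIT)]:
        print(f"{name}:")
        for (dev, ip), ok in zip(QUERIES, decisions(table)):
            print(f"  request on {dev:5} for {ip:12} -> "
                  f"{'proxy' if ok else 'ignore'}")
```

With overlapping routes every lookup resolves to whichever interface is listed first, so one direction is never proxied and the other is proxied for every address, including hosts that are on the requester's own segment. Only the non-overlapping split gives the intended answers in both directions.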