On Sun, Feb 24, 2002 at 10:26:57AM +0100, Bernd Eckenfels wrote:
> In article <20020224004542.GA1783@enfusion-group.com> you wrote:
> >> The magic secret of proxy ARP is that Linux will only proxy if there is
> >> a route to the desired IP address that does not go out the same
> >> interface. So, if you have netmasks set to /24 in your setup, it will
> >> not work.
>
> Actually it will, as long as you have host routes for the hosts on the left
> hand side.

Okay, good. As long as it's possible. :)

I've got host routes for the hosts on the left, and a subnet route for
the subnet on the right:

[...]
216.187.106.226 dev eth2 proto static scope link
216.187.106.225 dev eth2 proto static scope link
216.187.106.224 dev eth3 scope link
216.187.106.224 dev eth2 scope link
216.187.106.128/25 dev eth3 scope link

> > Right, but I still need to have proxy_arp set to 1 for the right hand
> > iface?
>
> If you publish those entries, you do not need to turn auto proxy arp on.

Okay, that doesn't seem to be what's happening. The strange thing is,
sometimes it seems to answer ARP queries, and sometimes it doesn't.

Doing a tcpdump on the eth3 interface, I see no ARP queries from other
hosts for either .225 or .226.

However, if I send out an unsolicited ARP as one of those boxes from
the firewall first, then I start to see things like:

00:25:24.451638 < arp who-has 216.187.106.225 tell 216.187.106.195
00:25:24.451663 > arp reply 216.187.106.225 (0:80:c8:57:be:c4) is-at 0:80:c8:57:be:c4 (0:48:54:64:8>

But after a couple of minutes of inactivity, when I try to contact
.195 again, I get absolutely no response, and see no ARP requests even
from .195.

So I'm not sure what's going on. It answers for the publishing ARP
entries sometimes, but not others.

I'm going to put .226 on the ISP side and re-arrange the routes to see
if I can diagnose the ARP problems better.

> > What I really want to do is have the right hand iface respond for
> > static arp entries even when proxy_arp is 0.
>
> It will, if your routing is set up correctly. Otherwise you can use arpd.

I installed arpd yesterday, and added the .226 addresses into the arpd
database, but I'm still having the same trouble. Either no ARP
requests are being made, or I'm not responding.

Anyways, what I mainly wanted to know was that it was possible to use
publishing ARP entries even when proxy_arp is off.

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[toad.enfusion-group.com] up 22:09, 9 users, load average: 0.00
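
Added example, not part of the original message and not any poster's or the kernel's code: a simplified Python model of the rule discussed in the thread, where an ARP request is answered on behalf of another host only if the route to the target leaves via a different interface than the one the request arrived on, and the address is either published on that interface or proxy_arp is on. The routes are taken from the message; the function names, the `published` set and the subnet-only table are assumptions made for illustration.

```python
import ipaddress

# Host routes and the /25 subnet route, as listed in the message above.
ROUTES = [
    ("216.187.106.226/32", "eth2"),
    ("216.187.106.225/32", "eth2"),
    ("216.187.106.128/25", "eth3"),
]
# Constructed comparison case: the same box without the host routes.
SUBNET_ONLY = [("216.187.106.128/25", "eth3")]


def route_dev(routes, target):
    """Longest-prefix match: outgoing device for target, or None."""
    addr = ipaddress.ip_address(target)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def answers_arp(routes, in_dev, target, published=frozenset(), proxy_arp=False):
    """Return (will_reply, reason) for an ARP who-has arriving on in_dev.

    published holds (address, interface) pairs, modelling per-interface
    published ARP entries (hypothetical representation).
    """
    out_dev = route_dev(routes, target)
    if out_dev is None:
        return False, "no route to target"
    if out_dev == in_dev:
        return False, "route leaves via the interface the request arrived on"
    if proxy_arp:
        return True, "proxy_arp enabled on incoming interface"
    if (target, in_dev) in published:
        return True, "published entry on incoming interface"
    return False, "not published and proxy_arp is off"


if __name__ == "__main__":
    pub = {("216.187.106.225", "eth3"), ("216.187.106.226", "eth3")}
    for table in (ROUTES, SUBNET_ONLY):
        print(answers_arp(table, "eth3", "216.187.106.225", published=pub))
```

With only the /25 route, .225 resolves to eth3 itself, so the model gives no reply even though the entry is published; the host routes are what move the target to eth2.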