Re: Proxy arping

On May 3 2007 10:44, Andres Paglayan wrote:
>
> Hi,
>
> how can I properly set proxy arping in a one to one mapped nat?
>
> I have a router with 192.168.1.0 in one side (our lan eth0) and
> 192.168.50.0 in the other (other lan eth2), plus an internet
> gateway (eth3)
>
> this is the routing table
>
> root@ipcop:~/scripts # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.50.0    *               255.255.255.0   U     0      0        0 eth2
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 65.19.28.0      *               255.255.255.0   U     0      0        0 eth3
> 172.22.0.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.2.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.0.0      *               255.255.254.0   U     0      0        0 eth2
> default         65.19.28.1      0.0.0.0         UG    0      0        0 eth3
>
>
> at the 50.0 side, I am routing traffic to other subnets as well, ie
> 172.16.2.0/23
>
> For the applications we are running, instead of regular natting,
> I am using NETMAP target of iptables,
> which instead of making the packets as going out from 192.168.50.1
> they are mapped to addresses at 50.0/24
> i.e. when packet goes from 192.168.1.5 to 172.16.2.34 traversing the
> 192.168.50.1 device
> the router mangles it and makes it appear as going out from 192.168.50.5 and
> then translates back
>
> everything goes fabulous, but I am having a problem with arping,
> arp questions addressed to 192.168.50.0/24 are not reaching my router's device,
>
> I have been reading and experimenting with this a bunch,
> echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp (and to eth0)
> on the proper device is set, but still not proxy arping,
>
>
> is there anybody with experience on this proxy arp issue?

If you can't get arpd running, try arp faking:

  # bridge the two LAN ports so ARP requests can be seen on both sides
  brctl addbr br0
  brctl addif br0 eth0 eth2
  # broute table: DROP here means "hand the frame to the routing stack",
  # so nothing is bridged except ARP requests
  ebtables -t broute -P BROUTING DROP
  ebtables -t broute -A BROUTING -p arp --arp-opcode request -j ACCEPT
  # answer every ARP request arriving on eth0 with eth0's own MAC and
  # drop the request afterwards (--arpreply-target DROP)
  ebtables -t nat -A PREROUTING -i eth0 -p arp --arp-opcode request \
    -j arpreply --arpreply-mac `cat /sys/class/net/eth0/address` \
    --arpreply-target DROP
  # same rule for eth2, answering with eth2's MAC
  ebtables -t nat -A PREROUTING -i eth2 -p arp --arp-opcode request \
    -j arpreply --arpreply-mac `cat /sys/class/net/eth2/address` \
    --arpreply-target DROP

Assume now that 192.168.1.5 contacts 172.16.2.34, it will send out
"arp who-has 172.16.2.34". The router will then reply "arp
172.16.2.34 is at AA:BB:CC:DD:EE:FF" -- however the MAC address
reported back to .1.5 is not the one of .2.34, but the one of the eth0
card. This makes sure that packets for .2.34 do actually get routed
to the router. The router then asks for .2.34 itself (arp replies
by ebtables do NOT end up in the arp cache, thankfully) and should
forward it.

BTW, why would you need NETMAP?


Jan
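As an added illustration (not from the thread), a small Python model of why the proxy_arp sysctl alone did not work here: the kernel only proxy-answers an ARP request when its route to the asked-for address leaves through a different interface than the one the request came in on, so "who-has 192.168.50.5" arriving on eth2 stays unanswered, while the NETMAP mapping itself is just a swap of network bits. Interface MACs and the eth1/eth3 addresses are constructed; the routes are the posted table, and the decision rule is a simplification of the Linux arp_process/arp_fwd_proxy logic.

```python
import ipaddress

# Constructed model of the router in the thread. MACs and the eth1/eth3
# addresses are made up; the prefixes are the posted routing table.
IFACES = {  # interface -> (own address, own MAC)
    "eth0": ("192.168.1.1", "02:00:00:00:00:00"),
    "eth1": ("192.168.2.1", "02:00:00:00:00:01"),
    "eth2": ("192.168.50.1", "02:00:00:00:00:02"),
    "eth3": ("65.19.28.2", "02:00:00:00:00:03"),
}
ROUTES = {  # destination prefix -> egress interface, longest prefix wins
    "192.168.50.0/24": "eth2", "192.168.2.0/24": "eth1", "192.168.1.0/24": "eth0",
    "65.19.28.0/24": "eth3", "172.22.0.0/23": "eth2", "172.16.2.0/23": "eth2",
    "172.16.0.0/23": "eth2", "0.0.0.0/0": "eth3",
}
PROXY_ARP = {"eth0": True, "eth2": True}  # /proc/sys/net/ipv4/conf/<if>/proxy_arp
IP_FORWARD = True                          # proxy ARP is only considered when forwarding


def netmap(addr, from_net, to_net):
    """iptables NETMAP: keep addr's host bits, swap the network bits for to_net's."""
    a, f, t = (ipaddress.ip_address(addr), ipaddress.ip_network(from_net),
               ipaddress.ip_network(to_net))
    if a not in f or f.prefixlen != t.prefixlen:
        raise ValueError("address outside from_net, or prefix lengths differ")
    return str(ipaddress.ip_address(int(t.network_address) | (int(a) & int(f.hostmask))))


def route_lookup(target):
    """Egress interface for target, longest-prefix match over ROUTES."""
    t = ipaddress.ip_address(target)
    nets = [ipaddress.ip_network(p) for p in ROUTES if t in ipaddress.ip_network(p)]
    return ROUTES[str(max(nets, key=lambda n: n.prefixlen))]


def arp_reply_mac(in_if, target):
    """MAC the kernel answers 'who-has target' with on in_if, or None for silence.
    Own addresses are always answered. Otherwise this is the proxy_arp rule
    (simplified): reply only when forwarding and proxy_arp are on for in_if AND
    the route to target leaves by another interface. A target routed back out
    in_if is never proxied, which is why the sysctl alone cannot claim the
    NETMAP'd 192.168.50.0/24 addresses on eth2."""
    if target in {addr for addr, _ in IFACES.values()}:
        return IFACES[in_if][1]
    if not (IP_FORWARD and PROXY_ARP.get(in_if)):
        return None
    if route_lookup(target) == in_if:
        return None
    return IFACES[in_if][1]
```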