Re: proxy_arp

On 04/25/2014 11:05 PM, richard lucassen wrote:
Hello list,

I have two identical Linux servers, two identical vanilla kernels
(3.2.57). I start an arping on srv1 to the *external* ip of srv2 using
the *internal* rfc1918 addressed NIC (eth2)

           +------+                        +------+
eth0       |      |  eth2            eth2  |      |  eth0
ip1a-------+ srv1 +--ip1b--<------>--ip2b--+ srv2 +--ip2a
outside    |      |  inside        inside  |      |  outside
           +------+                        +------+

     arping using eth1 ^^  --via-> eth2 ^^ to this ip --^^^

root@srv1# arping -I eth1 ip2a
ARPING 213.34.90.190 from 172.31.255.249 eth2
Unicast reply from 213.34.90.190 [00:15:17:F4:41:46]  0.891ms
Unicast reply from 213.34.90.190 [00:15:17:F4:41:46]  0.799ms
^CSent 2 probes (1 broadcast(s))
Received 2 response(s)

No problem, it works as expected. The other way round however:

           +------+                        +------+
eth0       |      |  eth2            eth2  |      |  eth0
ip1a-------+ srv1 +--ip1b--<------>--ip2b--+ srv2 +--ip2a
outside    |      |  inside        inside  |      |  outside
           +------+                        +------+

  ^^--<- arping to this ip <--via--- ^^ using eth2

root@srv2# arping -I eth2 213.34.90.130
ARPING 213.34.90.130 from 172.31.255.250 eth2
^CSent 15 probes (15 broadcast(s))
Received 0 response(s)

srv1 does NOT reply to arp requests, even if I add an:

"arp -sD eth1 ip1a" (which is not necessary)

I compared all sysctl settings, they are equal. ip_forward is set to 1
on both machines. The srv1 has a large iptables rulebase, the srv2 just
some simple rules. A tcpdump shows that srv1 receives the arp requests
but is not willing to honour the arp requests of srv2.

It seems iptables rules will not affect ARP. By any chance, do you have arptables or ebtables installed on srv1 which is causing the problem?

http://www.linuxcommand.org/man_pages/arptables8.html
http://ebtables.sourceforge.net/examples/basic.html#ex_config


Regards,
Vignesh

The goal is proxy_arping (which unexpectedly did not work), and I
found out that the machine srv1 even does not reply to arp requests of
its own ip addresses.

Any thoughts or hints on this matter?

R.
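
Added example, not part of either message: a shell script for the check suggested in the reply. It lists the ARP-related sysctls for one interface and reports any arptables or ebtables rules or non-ACCEPT policies on the host. The function names and the SYSCTL_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Run as root on the host that does not answer ARP.
# SYSCTL_ROOT can be pointed at a constructed tree for testing (assumption).
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Print the ARP-related sysctls for "all" and one interface as scope.key=value.
arp_sysctls() {
    for scope in all "$1"; do
        for key in proxy_arp arp_ignore arp_filter arp_announce rp_filter; do
            f="$SYSCTL_ROOT/net/ipv4/conf/$scope/$key"
            [ -r "$f" ] && printf '%s.%s=%s\n' "$scope" "$key" "$(cat "$f")"
        done
    done
    return 0
}

# stdin: `arptables -L -n` output. Prints non-ACCEPT policies and every rule;
# exit status 0 means at least one finding.
arptables_findings() {
    awk '
        /^Chain /  { chain = $2
                     if ($0 ~ /\(policy / && $0 !~ /policy ACCEPT/) { print "policy: " $0; n++ }
                     next }
        /^target / { next }   # column header printed by some versions
        NF         { print "rule in " chain ": " $0; n++ }
        END        { exit (n ? 0 : 1) }'
}

# stdin: `ebtables -L` output. Prints chains that hold entries or do not ACCEPT.
ebtables_findings() {
    awk '
        /^Bridge chain:/ && ($0 !~ /entries: 0,/ || $0 !~ /policy: ACCEPT/) { print; n++ }
        END { exit (n ? 0 : 1) }'
}

check_host() {
    arp_sysctls "$1"
    if command -v arptables >/dev/null 2>&1; then
        arptables -L -n 2>/dev/null | arptables_findings || echo "arptables: nothing found"
    else
        echo "arptables: not installed"
    fi
    if command -v ebtables >/dev/null 2>&1; then
        ebtables -L 2>/dev/null | ebtables_findings || echo "ebtables: nothing found"
    else
        echo "ebtables: not installed"
    fi
}

if [ -n "${1:-}" ]; then check_host "$1"; fi
```

Called with an interface name as its only argument, the script prints the sysctls first and then one line per finding.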

