Thread: Proxy arping
| Proxy arping |
  United States |
2007-05-03 11:44:11 |
Hi,
how can I properly set proxy arping in a one to one mapped nat?
I have a router with 192.168.1.0 in one side (our lan eth0) and
192.168.50.0 in the other (other lan eth2),
plus an internet gateway (eth3)
this is the routing table
root ipcop:~/scripts # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    *               255.255.255.0   U     0      0        0 eth2
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
65.19.28.0      *               255.255.255.0   U     0      0        0 eth3
172.22.0.0      *               255.255.254.0   U     0      0        0 eth2
172.16.2.0      *               255.255.254.0   U     0      0        0 eth2
172.16.0.0      *               255.255.254.0   U     0      0        0 eth2
default         65.19.28.1      0.0.0.0         UG    0      0        0 eth3
at the 50.0 side, I am routing traffic to other subnets as well, ie
172.16.2.0/23
For the applications we are running, instead of regular natting,
I am using NETMAP target of iptables,
which instead of making the packets as going out from 192.168.50.1
they are mapped to addresses at 50.0/24
i.e. when packet goes from 192.168.1.5 to 172.16.2.34 traversing the
192.168.50.1 device
the router mangles it and makes it appear as going out from
192.168.50.5 and then translates back
everything goes fabulous, but I am having a problem with arping,
arp questions addressed to 192.168.50.0/24 are not reaching my
router's device,
I have been reading and experimenting with this a bunch,
echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp (and to eth0)
on the proper device is set, but still not proxy arping,
is there anybody with experience on this proxy arp issue?
Thanks,
Andres
|
|
| Re: Proxy arping |
  Germany |
2007-05-03 13:12:14 |
On May 3 2007 10:44, Andres Paglayan wrote:
>
> Hi,
>
> how can I properly set proxy arping in a one to one mapped nat?
>
> I have a router with 192.168.1.0 in one side (our lan eth0) and
> 192.168.50.0 in the other (other lan eth2), plus an internet
> gateway (eth3)
>
> this is the routing table
>
> root ipcop:~/scripts # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.50.0    *               255.255.255.0   U     0      0        0 eth2
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 65.19.28.0      *               255.255.255.0   U     0      0        0 eth3
> 172.22.0.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.2.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.0.0      *               255.255.254.0   U     0      0        0 eth2
> default         65.19.28.1      0.0.0.0         UG    0      0        0 eth3
>
>
> at the 50.0 side, I am routing traffic to other subnets as well, ie
> 172.16.2.0/23
>
> For the applications we are running, instead of regular natting,
> I am using NETMAP target of iptables,
> which instead of making the packets as going out from 192.168.50.1
> they are mapped to addresses at 50.0/24
> i.e. when packet goes from 192.168.1.5 to 172.16.2.34 traversing the
> 192.168.50.1 device
> the router mangles it and makes it appear as going out from 192.168.50.5 and
> then translates back
>
> everything goes fabulous, but I am having a problem with arping,
> arp questions addressed to 192.168.50.0/24 are not reaching my router's device,
>
> I have been reading and experimenting with this a bunch,
> echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp (and to eth0)
> on the proper device is set, but still not proxy arping,
>
>
> is there anybody with experience on this proxy arp issue?
If you can't get arpd running, try arp faking:
brctl addbr br0;
brctl addif br0 eth0 eth2;
ebtables -t broute -P BROUTING DROP;
ebtables -t broute -A BROUTING -p arp --arp-opcode request -j ACCEPT;
ebtables -t nat -A PREROUTING -i eth0 -p arp --arp-opcode request \
  -j arpreply --arpreply-mac `cat /sys/class/net/eth0/address` \
  --arpreply-target DROP;
# repeat last command for eth2
Assume now that 192.168.1.5 contacts 172.16.2.34, it will send out
"arp who-has 172.16.2.34". The router will then reply "arp
172.16.2.34 is at AA:BB:CC:DD:EE:FF" -- however the MAC address
reported back to .1.5 is not the one of .2.34, but the one of the eth0
card. This makes sure that packets for .2.34 do actually get routed
to the router. The router then asks for .2.34 itself (arp replies
by ebtables do NOT end up in the arp cache, thankfully) and should
forward it.
BTW, why would you need NETMAP?
Jan
--
|
|
| Re: Proxy arping |
  Netherlands |
2007-05-03 14:31:41 |
Andres Paglayan wrote:
> Hi,
>
> how can I properly set proxy arping in a one to one mapped nat?
>
> I have a router with 192.168.1.0 in one side (our lan eth0) and
> 192.168.50.0 in the other (other lan eth2),
> plus an internet gateway (eth3)
>
> this is the routing table
>
> root ipcop:~/scripts # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.50.0    *               255.255.255.0   U     0      0        0 eth2
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 65.19.28.0      *               255.255.255.0   U     0      0        0 eth3
> 172.22.0.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.2.0      *               255.255.254.0   U     0      0        0 eth2
> 172.16.0.0      *               255.255.254.0   U     0      0        0 eth2
> default         65.19.28.1      0.0.0.0         UG    0      0        0 eth3
>
>
> at the 50.0 side, I am routing traffic to other subnets as well, ie
> 172.16.2.0/23
>
> For the applications we are running, instead of regular natting,
> I am using NETMAP target of iptables,
> which instead of making the packets as going out from 192.168.50.1
> they are mapped to addresses at 50.0/24
> i.e. when packet goes from 192.168.1.5 to 172.16.2.34 traversing the
> 192.168.50.1 device
> the router mangles it and makes it appear as going out from
> 192.168.50.5 and then translates back
>
> everything goes fabulous, but I am having a problem with arping,
> arp questions addressed to 192.168.50.0/24 are not reaching my
> router's device,
>
> I have been reading and experimenting with this a bunch,
> echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp (and to eth0)
> on the proper device is set, but still not proxy arping,
>
>
> is there anybody with experience on this proxy arp issue?
The usual way is to add static arp entries.
# (untested code)
for i in `seq 2 254`; do
  arp -Ds 192.168.50.$i eth2 pub
done
HTH,
M4
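A check for the static-entry approach above, added here as an example and not part of the original post: it lists which addresses in the mapped range still have no published (proxy) ARP entry on the given interface. The function names `missing_pub_entries` and `sample_arp_table` are hypothetical and the sample table is constructed; the script assumes the `/proc/net/arp` column layout, where bit 0x08 (ATF_PUBL) in the Flags column marks a published entry.

```shell
#!/bin/sh
# Added example (not from the thread): report which addresses in
# PREFIX.FIRST..PREFIX.LAST have no published (proxy) ARP entry on DEV.
# Input is a table in /proc/net/arp layout; Flags bit 0x08 is ATF_PUBL.

# Usage: missing_pub_entries PREFIX FIRST LAST DEV [TABLE]   ("-" = stdin)
missing_pub_entries() {
    awk -v prefix="$1" -v first="$2" -v last="$3" -v dev="$4" '
        # Portable hex parser: POSIX awk has no strtonum().
        function hexval(s,    i, v) {
            s = tolower(s); sub(/^0x/, "", s); v = 0
            for (i = 1; i <= length(s); i++)
                v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
            return v
        }
        # Skip the header row; remember addresses published on DEV.
        NR > 1 && $6 == dev && int(hexval($3) / 8) % 2 == 1 { pub[$1] = 1 }
        END {
            for (i = first + 0; i <= last + 0; i++) {
                ip = prefix "." i
                if (!(ip in pub)) print ip
            }
        }
    ' "${5:-/proc/net/arp}"
}

# Constructed sample table (not captured from a real host):
# .4 is a learned entry (0x2), .6 is published on the wrong interface.
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.50.2     0x1         0xc         00:00:00:00:00:00     *        eth2
192.168.50.3     0x1         0xc         00:00:00:00:00:00     *        eth2
192.168.50.4     0x1         0x2         00:11:22:33:44:55     *        eth2
192.168.50.5     0x1         0xc         00:00:00:00:00:00     *        eth2
192.168.50.6     0x1         0xc         00:00:00:00:00:00     *        eth0
EOF
}

# Demo on the constructed sample: prints 192.168.50.4 and 192.168.50.6
sample_arp_table | missing_pub_entries 192.168.50 2 6 eth2 -
```

On the router itself, omit the last argument to read the live table from `/proc/net/arp`.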
|
|
| Re: Proxy arping |
  Germany |
2007-05-03 15:03:14 |
On May 3 2007 21:31, Martijn Lievaart wrote:
>
> The usual way is to add static arp entries.
Do that for a /16 and you're smelling the boundaries.
> # (untested code)
> for i in `seq 2 254`; do
>   arp -Ds 192.168.50.$i eth2 pub
> done
>
> HTH,
> M4
>
Jan
--