If you have a working proxyARP setup, will you please post it?

I've tried to insert a Linux box between the DSL connection and the switch, but I'm getting nowhere. Everything works correctly when all the servers in this network use the switch to get to the DSL. Any box directly connected to the DSL also works correctly.

http://www.sjdjweis.com/linux/proxyarp/ makes it sound easy, but none of the machines except the new one can get out when I set this up.

From any computer except the intended proxyARP box, 'traceroute -n ANYTHING' stops after the first hop (.96) succeeds; 'ping .97' fails. I don't know (or care yet) if anything gets in.

(I really have a /29 network, but for consistency I'm showing a /28):

gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
gypsy> route add default gw x.x.x.97 metric 1

Weis> # interface definitions
Weis> BAD_IFACE=eth0
Weis>
Weis> DMZ_IFACE=eth1
Weis> DMZ_ADDR=x.x.x.96/28
Weis>
Weis> ip route del x.x.x.96/28 dev $BAD_IFACE
Weis> ip route del x.x.x.96/28 dev $DMZ_IFACE
Weis> ip route add x.x.x.97 dev $BAD_IFACE
Weis> ip route add x.x.x.96/28 dev $DMZ_IFACE
Weis>
Weis> # we need proxy arp for the dmz network
Weis> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Weis> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Weis>
Weis> # turn on ip forwarding
Weis> echo 1 > /proc/sys/net/ipv4/ip_forward

The kernel is 2.4.26, iproute2 is 2-2.6.8

--
Call me stumped,
gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

gypsy wrote:
...
> gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
> gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
...

I think you can't use x.x.x.96 here, because it is the address of your network x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255' on one of them.

As far as the question in the subject is concerned, yes, I have.

--
Martin

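The two addressing points raised in the reply above can be checked mechanically before a box is put on the wire. This is an added example, not code from the thread: `check_plan` and `usable_hosts` are hypothetical helper names, and 192.0.2.96/28 is a constructed stand-in for the redacted x.x.x.96/28.

```python
import ipaddress
from collections import defaultdict

def check_plan(ifaces):
    """ifaces maps interface name -> 'address/prefix'. Returns sorted findings."""
    findings = []
    seen = defaultdict(list)          # (address, prefix length) -> interface names
    for name, cidr in ifaces.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # /31 and /32 have no separate network or broadcast address
        if net.prefixlen < 31:
            if iface.ip == net.network_address:
                findings.append(f"{name}: {iface.ip} is the network address of {net}")
            elif iface.ip == net.broadcast_address:
                findings.append(f"{name}: {iface.ip} is the broadcast address of {net}")
        seen[(iface.ip, net.prefixlen)].append(name)
    for (ip, plen), names in seen.items():
        if len(names) > 1:
            findings.append(f"{'+'.join(sorted(names))}: same address and netmask {ip}/{plen}")
    return sorted(findings)

def usable_hosts(cidr):
    """First and last assignable host address of a network."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1])

# Constructed from the first message: both NICs on the network address, same mask.
ASKER = {"eth0": "192.0.2.96/28", "eth1": "192.0.2.96/28"}
# Router addressing as posted later in the thread: second NIC uses a /32 mask.
MARTIN_ROUTER = {"eth0": "172.16.7.42/24", "eth1": "192.168.1.1/24", "eth2": "192.168.1.1/32"}

if __name__ == "__main__":
    print(usable_hosts("192.0.2.96/28"))
    for finding in check_plan(ASKER):
        print("ASKER  ", finding)
    print("ROUTER ", check_plan(MARTIN_ROUTER) or "no findings")
```
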
Martin Volf wrote:
>
> gypsy wrote:
> ...
> > gypsy> ifconfig eth0 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
> > gypsy> ifconfig eth1 x.x.x.96 broadcast x.x.x.111 netmask 255.255.255.240
>
> I think you can't use x.x.x.96 here, because it is the address of your network
> x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same
> ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255'
> on one of them.
> --
> Martin

I have tried all IPs in the range, but I have not tried different netmasks. Thanks for that tip.

Could you please post the output of 'route -n', 'ip route' and 'ip neigh show' as well as any 'ip route [add|del|*]' commands you run?

I really believe that either the kernel thinks there are spoofed IPs or - most likely - that my routing table is junk.

Here is a quote from http://www.sjdjweis.com/linux/proxyarp/ which is why I set both the same:

> After you have the above steps done, you will need to configure your network cards. This step should be done off of the
> network since you may end up with some conflicting addresses. Give two NIC's identical IP addresses, subnet masks, and
> gateways. The IP you choose needs to be an unused address on your network. In my case, I used x.x.x.98, since my router is
> at x.x.x.97. You could actually use about any address on the wire that isn't in use.

gypsy

gypsy wrote:
>
> Martin Volf wrote:
> > I think you can't use x.x.x.96 here, because it is the address of your network
> > x.x.x.96/28. Useable ip addresses are .97 - .110. And you can't have the same
> > ip address and netmask on two interfaces. Use maybe 'netmask 255.255.255.255'
> > on one of them.
>
> Could you please post the output of 'route -n', 'ip route' and 'ip neigh
> show' as well as any 'ip route [add|del|*]' commands you run?

I guess not. Martin, is there some reason you do not wish to post these things?

gypsy

gypsy wrote:
>>Could you please post the output of 'route -n', 'ip route' and 'ip neigh
>>show' as well as any 'ip route [add|del|*]' commands you run?
>
> I guess not. Martin, is there some reason you do not wish to post these
> things?

Hello,

sorry for the delay. I have used something like this:

router:
    ifconfig eth0 172.16.7.42 netmask 255.255.255.0 broadcast 172.16.7.255
    route add default gw 172.16.7.1
    ifconfig eth1 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
    ifconfig eth2 192.168.1.1 netmask 255.255.255.255 -broadcast
    route add -host 192.168.1.17 device eth2
    route add -host 192.168.1.18 device eth2
    route add -host 192.168.1.19 device eth2
    echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
    echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp

The network 192.168.1.0/24 is divided into two parts, ip addresses 192.168.1.17, .18, .19 are connected to eth2, other ip addresses to eth1.

192.168.1.17:
    ifconfig eth0 192.168.1.17 netmask 255.255.255.0 broadcast 192.168.1.255
    route add default gw 192.168.1.1

traceroute from 192.168.1.17 to 192.168.1.2:
    1 192.168.1.1 1.08 ms 0.73 ms 0.723 ms
    2 192.168.1.2 0.85 ms 0.77 ms 0.715 ms

"arp -an" at 192.168.1.17:
    ? (192.168.1.1) at 00:00:B4:9F:A4:58 [ether] on eth0
    ? (192.168.1.2) at 00:00:B4:9F:A4:58 [ether] on eth0
(note the same MAC address)

HTH,
--
Martin

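The "same MAC address" observation in the message above is how proxy ARP looks from a host's neighbour table, and on a monitored segment it is worth telling the known proxy-ARP router apart from any other MAC that answers for several addresses. This is an added example, not code from the thread: the function names are hypothetical, the first two sample lines are the ones posted above, and the remaining lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches resolved entries in the `arp -an` format shown in the message above.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) \[ether\] on (?P<dev>\S+)"
)

def shared_macs(arp_output):
    """Map (device, mac) -> sorted IPs for every MAC that answers for 2+ IPs."""
    by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        m = ARP_LINE.search(line)
        if m is None:                 # skips "<incomplete>" and blank lines
            continue
        by_mac[(m["dev"], m["mac"].lower())].add(m["ip"])
    return {key: sorted(ips, key=ipaddress.ip_address)
            for key, ips in by_mac.items() if len(ips) > 1}

def classify(arp_output, known_proxy_macs):
    """Label each shared MAC against an allowlist of known proxy-ARP routers."""
    known = {mac.lower() for mac in known_proxy_macs}
    return [(dev, mac, ips, "expected proxy ARP" if mac in known else "unexpected")
            for (dev, mac), ips in sorted(shared_macs(arp_output).items())]

SAMPLE = """\
? (192.168.1.1) at 00:00:B4:9F:A4:58 [ether] on eth0
? (192.168.1.2) at 00:00:B4:9F:A4:58 [ether] on eth0
? (192.168.1.18) at 00:00:B4:11:22:33 [ether] on eth0
? (192.168.1.30) at <incomplete> on eth0
? (192.168.1.40) at 02:00:00:00:00:AA [ether] on eth0
? (192.168.1.41) at 02:00:00:00:00:AA [ether] on eth0
"""

if __name__ == "__main__":
    for row in classify(SAMPLE, {"00:00:B4:9F:A4:58"}):
        print(row)
```
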