Re: [leaf-user] ProxyARP confusion

Sun, 19 Sep 2004 08:28:48 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When you add this /etc/shorewall/proxyarp entry:

#ADDRESS        INTERFACE       EXTERNAL        HAVEROUTE

<addr>            <internal>      <external>      No

then the following results.

a) A perminent ARP cache entry for <addr> is added for interface
<external>. That means that ARP who-has requests received by <external>
will be responded to with the MAC address of <external>.

b) The /proc/sys/net/ipv4/conf/<internal>/proxy_arp flag is set to 1.
This means that any ARP who-has requests received on <internal> will be
responded to with the MAC address of <internal> IF:

        1) There is a route from the firewall to the IP address in the
~           who-has request; and
~        b) That route is not out of <internal>

c) A direct host route for <addr> is added on <internal>.

d) The /proc/sys/net/ipv4/conf/<external>/proxy_arp flag is set to 0.
This inhibits the behavior described above under b) for the <external>
address so that it is not possible to map your internal network from
outside using ARP.

THAT IS ALL THERE IS TO PROXY ARP -- if you are still confused about
this then maybe the information about ARP in the Shorewall Setup Guide
will help.

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBTaXDO/MAbZfjDLIRApJQAJ9NiGVFnsN41iEMaR57s/ibnMCBtQCfXwxp
aBrKTqd268fwnaawU1zKQNc=
=or+j
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to