At 00:38 01/10/99 +0200, you wrote:
>Rodrigo,
>
>Thank you very much for your reply. I really appreciate your help.
>
>> >I'm running an out-of-the-box installation of RedHat 6.0. What exactly do I
>> >have to do for setting up proxy arp on eth0 with kernel 2.2.5?
>
>>   Linux proxy-arp does not answer arp requests to the same interface the
>> request came from.
>
>I guess I've been a little unspecific, sorry about that.
>
>My problem is as follows:
>
>On my ethernet segment, I have three machines:
>
>Machine A with eth0 192.168.0.1 netmask 255.255.255.0
>Machine B with eth0 192.168.0.3 netmask 255.255.255.0
>Machine C with eth0 192.168.0.4 netmask 255.255.255.0
>
>Since machine A will eventually end up as a firewall, I'm running some tests
>with proxy arp. So I'd like machine A to respond for arp-requests on
>192.168.0.2 with the MAC-address of machine A's eth0-interface.
>
>Thus, I'm trying the following command on machine A:
>
>arp -i eth0 -Ds 192.168.0.2 eth0 pub
>
>Now to make sure the command was successful, I run tcpdump on machine C while
>pinging 192.168.0.2 from machine B.
>
>What I see are endless who-has-requests but no is-at-answers - in spite of
>issuing the icmp-requests from a third machine.
>
>What's going wrong here?

  Exactly the problem I pointed out. You configured Linux to answer arp
requests for 192.168.0.2 on eth0. The hosts B and C are also on eth0, so
Linux will receive the arp requests from eth0 and (don't ask me why) it
will not answer them.

  If you had another interface like eth1, for instance, and Linux received
arp requests from this interface, it would successfully answer them.

  I don't know why it behaves this way. I don't think this is correct and
most TCP/IP implementations work perfectly fine answering proxy-arp
requests to the same interface they come from (the *BSD, for example).

>>   I had this problem some months ago and, to solve it, I had to write my
>> own proxy-arp daemon.
>
>To do simple proxy arp with Kernel 2.2.x, there's no need for a proxyarpd,
>is there?

  No. The kernel should work fine, but it doesn't (except if the requests
come from different interfaces).

>Nonetheless, is your proxyarpd available anywhere? Maybe I should give it a
>try...

  Sorry, unfortunately it's part of a commercial implementation. But you
can get the sources from arpd and check them. Basically you have to create
a PF_PACKET socket to receive and send the requests. If you are used to
sockets programming, it is, at most, one day of work.

  Best regards,

  Rodrigo Ormonde

--
Rodrigo de La Rocque Ormonde
e-mail: [EMAIL PROTECTED]
Aker Security Solutions - http://www.aker.com.br
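
Added example, not part of the original message and not code from arpd or from the daemon mentioned above: the frame-handling core that a user-space proxy-arp daemon would run on each frame read from its PF_PACKET socket, validating the who-has and building the is-at only for the one configured address. The function name, the MAC addresses and the sample frame are assumptions constructed for illustration.

```c
#include <arpa/inet.h> /* htons, ntohs */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ARP_FRAME_LEN 42 /* 14-byte Ethernet header + 28-byte ARP body */

/* Ethernet header followed by an IPv4-over-Ethernet ARP body, as on the wire. */
struct arp_frame {
    uint8_t  eth_dst[6], eth_src[6];
    uint16_t eth_type;       /* 0x0806 = ARP */
    uint16_t htype, ptype;   /* 1 = Ethernet, 0x0800 = IPv4 */
    uint8_t  hlen, plen;     /* 6 and 4 */
    uint16_t oper;           /* 1 = who-has, 2 = is-at */
    uint8_t  sha[6], spa[4]; /* sender MAC and IP */
    uint8_t  tha[6], tpa[4]; /* target MAC and IP */
} __attribute__((packed));

/* Hypothetical helper: writes an is-at reply to `out` and returns its length
 * when `in` is a well-formed who-has for proxied_ip; returns 0 otherwise. */
size_t proxy_arp_reply(const uint8_t *in, size_t len, const uint8_t proxied_ip[4],
                       const uint8_t my_mac[6], uint8_t out[ARP_FRAME_LEN])
{
    struct arp_frame f;
    if (len < ARP_FRAME_LEN) return 0;               /* truncated frame */
    memcpy(&f, in, sizeof f);
    if (ntohs(f.eth_type) != 0x0806 || ntohs(f.htype) != 1 ||
        ntohs(f.ptype) != 0x0800 || f.hlen != 6 || f.plen != 4 ||
        ntohs(f.oper) != 1) return 0;                /* not an IPv4 ARP request */
    if (memcmp(f.tpa, proxied_ip, 4) != 0) return 0; /* only the configured address */
    if (memcmp(f.sha, my_mac, 6) == 0) return 0;     /* ignore our own requests */
    memcpy(f.eth_dst, f.sha, 6);                     /* unicast back to the asker */
    memcpy(f.eth_src, my_mac, 6);
    f.oper = htons(2);
    memcpy(f.tha, f.sha, 6);                         /* target := original sender */
    memcpy(f.tpa, f.spa, 4);
    memcpy(f.sha, my_mac, 6);                        /* sender := proxied IP at our MAC */
    memcpy(f.spa, proxied_ip, 4);
    memcpy(out, &f, sizeof f);
    return ARP_FRAME_LEN;
}

int main(void)
{
    /* Constructed who-has 192.168.0.2 tell 192.168.0.3; MACs are made up. */
    uint8_t req[ARP_FRAME_LEN] = {0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,3, 8,6,
        0,1, 8,0, 6,4, 0,1, 2,0,0,0,0,3, 192,168,0,3, 0,0,0,0,0,0, 192,168,0,2};
    uint8_t ip[4] = {192,168,0,2}, mac[6] = {2,0,0,0,0,1}, out[ARP_FRAME_LEN];
    printf("reply length: %zu\n", proxy_arp_reply(req, sizeof req, ip, mac, out));
}
```

In a daemon the input would come from `recvfrom()` on `socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))` and the reply would go out with `sendto()` and a `struct sockaddr_ll` naming the interface; opening that socket requires root or CAP_NET_RAW.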