Proxy arp not working in Linux

I'm having a problem configuring proxy arp. My understanding is that
first proxy arp must be enabled in the kernel by setting one or more of
these variables to "1".

/proc/sys/net/ipv4/conf/eth0/proxy_arp
/proc/sys/net/ipv4/conf/lo/proxy_arp
/proc/sys/net/ipv4/conf/default/proxy_arp
/proc/sys/net/ipv4/conf/all/proxy_arp

Inititially, I set just eth0, but then tried setting them all when it
didn't work. I set the variables in /etc/sysctl.conf, stopped and
restarted the interface, and checked to make certain they were all set.

After setting the kernel variables, I added a permanent, published arp
table entry as follows:

# arp -s 192.168.18.230 00:B00:B5:52:F9 pub

Also tried this:

# arp -i eth0 -s 192.168.18.230 -D eth0 pub

Here's what's in the arp cache after adding the entry:

# arp -an
? (192.168.18.12) at 00:0D:56:A3:90:83 [ether] on eth0
? (192.168.18.1) at 00:00:0C:07:AC:01 [ether] on eth0
? (192.168.18.230) at * PERM PUP on eth0

# cat /proc/net/arp
IP address HW type Flags HW address Mask
Device
192.168.18.12 0x1 0x2 00:0D:56:A3:90:83 *
eth0
192.168.18.1 0x1 0x2 00:00:0C:07:AC:01 *
eth0
192.168.18.230 0x1 0xc 00:00:00:00:00:00 *
eth0

The "*" in the arp -an output doesn't look right, and the HW address
for 192.168.18.230 is definitely not right.

But, just to see if it would respond I pinged it from another box on
the local subnet. I don't expect icmp echo replies at this point,
since the box is not routing. But I did expect to see an arp reply if
it was configured correctly. But there's no reply. I tried the same
thing on a Solaris system and it works fine. What else needs to be
done to make this work in Linux? I tried it on two different Redhat
systems, 2.6.11-1.14_FC3 and 2.6.9-5.Elsmp, with the same results.

On 21 Jun 2005 09:34:14 -0700, "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>I'm having a problem configuring proxy arp. My understanding is that
>first proxy arp must be enabled in the kernel by setting one or more of
>these variables to "1".
>
>/proc/sys/net/ipv4/conf/eth0/proxy_arp
>/proc/sys/net/ipv4/conf/lo/proxy_arp
>/proc/sys/net/ipv4/conf/default/proxy_arp
>/proc/sys/net/ipv4/conf/all/proxy_arp
>
>Inititially, I set just eth0, but then tried setting them all when it
>didn't work. I set the variables in /etc/sysctl.conf, stopped and
>restarted the interface, and checked to make certain they were all set.
>
>After setting the kernel variables, I added a permanent, published arp
>table entry as follows:
>
># arp -s 192.168.18.230 00:B00:B5:52:F9 pub
>
>Also tried this:
>
># arp -i eth0 -s 192.168.18.230 -D eth0 pub
>
>Here's what's in the arp cache after adding the entry:
>
># arp -an
>? (192.168.18.12) at 00:0D:56:A3:90:83 [ether] on eth0
>? (192.168.18.1) at 00:00:0C:07:AC:01 [ether] on eth0
>? (192.168.18.230) at * PERM PUP on eth0
>
># cat /proc/net/arp
>IP address HW type Flags HW address Mask
>Device
>192.168.18.12 0x1 0x2 00:0D:56:A3:90:83 *
>eth0
>192.168.18.1 0x1 0x2 00:00:0C:07:AC:01 *
>eth0
>192.168.18.230 0x1 0xc 00:00:00:00:00:00 *
>eth0
>
>The "*" in the arp -an output doesn't look right, and the HW address
>for 192.168.18.230 is definitely not right.
>
>But, just to see if it would respond I pinged it from another box on
>the local subnet. I don't expect icmp echo replies at this point,
>since the box is not routing. But I did expect to see an arp reply if
>it was configured correctly. But there's no reply. I tried the same
>thing on a Solaris system and it works fine. What else needs to be
>done to make this work in Linux? I tried it on two different Redhat
>systems, 2.6.11-1.14_FC3 and 2.6.9-5.Elsmp, with the same results.

You might want to have a look at my working ProxyARP setup:

http://yesican.chsoft.biz/lartc

ftp://andthatsjazz.org/pub/lartc

to see if any of that helps. In general, if you bring up the
interfaces using ip link (rather than ifconfig) and you then set the
routing up correctly, ProxyARP just works - after your ISP's ARP cache
finally purges (mine takes 70 minutes or so).
--
buck

"(E-Mail Removed)" <(E-Mail Removed)> writes:

> I'm having a problem configuring proxy arp. My understanding is that
> first proxy arp must be enabled in the kernel by setting one or more of
> these variables to "1".

This one works for me

echo 1 > /proc/sys/net/ipv4/ip_forward
arp -i eth0 -Ds x.y.z.t eth0 pub

on a firewall, with kernel 2.4.18-1-686 (debian stable)

MB

--
Michel BILLAUD (E-Mail Removed)
LABRI-Université Bordeaux I tel 05 4000 6922 / 05 5684 5792
351, cours de la Libération http://www.labri.fr/~billaud
33405 Talence (FRANCE)

On 21 Jun 2005, (E-Mail Removed) <(E-Mail Removed)> wrote:
> I'm having a problem configuring proxy arp. My understanding is that
> first proxy arp must be enabled in the kernel by setting one or more of
> these variables to "1".
>
> /proc/sys/net/ipv4/conf/eth0/proxy_arp
> /proc/sys/net/ipv4/conf/lo/proxy_arp
> /proc/sys/net/ipv4/conf/default/proxy_arp
> /proc/sys/net/ipv4/conf/all/proxy_arp
(snip)

Some important things you have not told us is what interfaces are you
attempting to proxy arp between (IP/netmask of each), and your routing.
If you have network or routing conflicts, proxy arp is NOT going to work.
You only mention eth0 and nothing about other interface or network.

This is an example of a script I use to enable my laptop to proxy arp my
desktop between eth0 and wlan0 (wireless to main LAN). Both interfaces
use IP 172.16.1.245, but eth0 has netmask 255.255.255.255 and wlan0 has
netmask 255.255.255.248 (pppoe router also proxy arps between /29 wireless
subnet and /24 wired LAN).

#!/bin/sh
/sbin/SuSEfirewall2 stop
/sbin/ifconfig eth0 172.16.1.245 broadcast 172.16.1.245 netmask 255.255.255.255
/sbin/route add -host 172.16.1.244 dev eth0
/sbin/SuSEfirewall2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

The reason I proxy arp both interfaces instead of just wlan0 is because
brain dead Win XP on desktop will not accept 255.255.255.255 netmask, so
having proxy arp enabled for eth0 allows XP to use 255.255.255.248 netmask
and find its way through eth0 and out wlan0 to wireless gateway (pppoe
router). This may sound confusing, but all works as one happy LAN
(desktopPC or printserver on mainLAN can find each other using arp).

pppoe |eth0----/24----mainLAN
router|eth1----/29----WAP wlan0|laptop|eth0----/32----desktopPC