Proxy arp not working in Linux

Discussion in 'Linux Networking' started by dhumes001, Jun 21, 2005.

  1. dhumes001

    dhumes001 Guest

    I'm having a problem configuring proxy arp. My understanding is that
    first proxy arp must be enabled in the kernel by setting one or more of
    these variables to "1".

    /proc/sys/net/ipv4/conf/eth0/proxy_arp
    /proc/sys/net/ipv4/conf/lo/proxy_arp
    /proc/sys/net/ipv4/conf/default/proxy_arp
    /proc/sys/net/ipv4/conf/all/proxy_arp

    Initially, I set just eth0, but then tried setting them all when it
    didn't work. I set the variables in /etc/sysctl.conf, stopped and
    restarted the interface, and checked to make certain they were all set.

    After setting the kernel variables, I added a permanent, published arp
    table entry as follows:

    # arp -s 192.168.18.230 00:B0:D0:B5:52:F9 pub

    Also tried this:

    # arp -i eth0 -s 192.168.18.230 -D eth0 pub

    Here's what's in the arp cache after adding the entry:

    # arp -an
    ? (192.168.18.12) at 00:0D:56:A3:90:83 [ether] on eth0
    ? (192.168.18.1) at 00:00:0C:07:AC:01 [ether] on eth0
    ? (192.168.18.230) at * PERM PUP on eth0

    # cat /proc/net/arp
    IP address       HW type     Flags       HW address            Mask     Device
    192.168.18.12    0x1         0x2         00:0D:56:A3:90:83     *        eth0
    192.168.18.1     0x1         0x2         00:00:0C:07:AC:01     *        eth0
    192.168.18.230   0x1         0xc         00:00:00:00:00:00     *        eth0

    The "*" in the arp -an output doesn't look right, and the HW address
    for 192.168.18.230 is definitely not right.

    But, just to see if it would respond I pinged it from another box on
    the local subnet. I don't expect icmp echo replies at this point,
    since the box is not routing. But I did expect to see an arp reply if
    it was configured correctly. But there's no reply. I tried the same
    thing on a Solaris system and it works fine. What else needs to be
    done to make this work in Linux? I tried it on two different Redhat
    systems, 2.6.11-1.14_FC3 and 2.6.9-5.Elsmp, with the same results.
     
    dhumes001, Jun 21, 2005
    #1

  2. buck

    buck Guest

    You might want to have a look at my working ProxyARP setup:

    http://yesican.chsoft.biz/lartc

    ftp://andthatsjazz.org/pub/lartc

    to see if any of that helps. In general, if you bring up the
    interfaces using ip link (rather than ifconfig) and you then set the
    routing up correctly, ProxyARP just works - after your ISP's ARP cache
    finally purges (mine takes 70 minutes or so).
     
    buck, Jun 22, 2005
    #2

  3. This one works for me

    echo 1 > /proc/sys/net/ipv4/ip_forward
    arp -i eth0 -Ds x.y.z.t eth0 pub

    on a firewall, with kernel 2.4.18-1-686 (debian stable)

    MB
     
    Michel Billaud, Jun 26, 2005
    #3
  4. (snip)

    Some important things you have not told us are what interfaces you are
    attempting to proxy arp between (IP/netmask of each), and your routing.
    If you have network or routing conflicts, proxy arp is NOT going to work.
    You only mention eth0 and nothing about other interface or network.

    This is an example of a script I use to enable my laptop to proxy arp my
    desktop between eth0 and wlan0 (wireless to main LAN). Both interfaces
    use IP 172.16.1.245, but eth0 has netmask 255.255.255.255 and wlan0 has
    netmask 255.255.255.248 (pppoe router also proxy arps between /29 wireless
    subnet and /24 wired LAN).

    #!/bin/sh
    /sbin/SuSEfirewall2 stop
    /sbin/ifconfig eth0 172.16.1.245 broadcast 172.16.1.245 netmask 255.255.255.255
    /sbin/route add -host 172.16.1.244 dev eth0
    /sbin/SuSEfirewall2
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

    The reason I proxy arp both interfaces instead of just wlan0 is because
    brain dead Win XP on desktop will not accept 255.255.255.255 netmask, so
    having proxy arp enabled for eth0 allows XP to use 255.255.255.248 netmask
    and find its way through eth0 and out wlan0 to wireless gateway (pppoe
    router). This may sound confusing, but all works as one happy LAN
    (desktopPC or printserver on mainLAN can find each other using arp).

    pppoe |eth0----/24----mainLAN
    router|eth1----/29----WAP wlan0|laptop|eth0----/32----desktopPC
     
    David Efflandt, Jul 8, 2005
    #4
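
An added example, not code from any poster in this thread: a shell audit that lists the interfaces whose proxy_arp sysctl is 1 and decodes the Flags column of /proc/net/arp to find published entries. The function names and the sample sysctl values are assumptions; the ARP rows are the ones shown in the first post, and the flag bits (ATF_COM 0x02, ATF_PERM 0x04, ATF_PUBL 0x08) come from linux/if_arp.h.

```shell
#!/bin/sh
# Added example: audit proxy-ARP state under a root directory ("" = live system).

# Decode the Flags column of /proc/net/arp (bit values from <linux/if_arp.h>).
decode_arp_flags() {
    bits=$(( $1 )); names=""
    if [ $(( bits & 0x02 )) -ne 0 ]; then names="$names COM"; fi   # ATF_COM: resolved
    if [ $(( bits & 0x04 )) -ne 0 ]; then names="$names PERM"; fi  # ATF_PERM: static
    if [ $(( bits & 0x08 )) -ne 0 ]; then names="$names PUBL"; fi  # ATF_PUBL: published
    echo "${names# }"
}

# Print "IP DEVICE" for each published (proxy) entry in an arp table file.
published_entries() {
    tail -n +2 "$1" | while read -r ip _type flags _mac _mask dev; do
        [ -n "$flags" ] || continue
        case "$(decode_arp_flags "$flags")" in
            *PUBL*) echo "$ip $dev" ;;
        esac
    done
}

# Print each interface whose proxy_arp sysctl reads 1.
proxy_arp_interfaces() {
    for path in "$1"/proc/sys/net/ipv4/conf/*/proxy_arp; do
        [ -r "$path" ] || continue
        if [ "$(cat "$path")" = "1" ]; then basename "$(dirname "$path")"; fi
    done
}

# Constructed sample tree: arp rows as in the first post, sysctl values assumed.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/proc/net" "$root/proc/sys/net/ipv4/conf/eth0" \
             "$root/proc/sys/net/ipv4/conf/lo"
    echo 1 > "$root/proc/sys/net/ipv4/conf/eth0/proxy_arp"
    echo 0 > "$root/proc/sys/net/ipv4/conf/lo/proxy_arp"
    cat > "$root/proc/net/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.18.12    0x1         0x2         00:0D:56:A3:90:83     *        eth0
192.168.18.1     0x1         0x2         00:00:0C:07:AC:01     *        eth0
192.168.18.230   0x1         0xc         00:00:00:00:00:00     *        eth0
EOF
    echo "$root"
}

# Demo on the sample tree; on a live host pass "" and /proc/net/arp instead.
demo=$(make_sample_root)
proxy_arp_interfaces "$demo"; published_entries "$demo/proc/net/arp"
rm -rf "$demo"
```

On a hardened host that is not meant to answer ARP for other addresses, both functions should print nothing.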