proxy ARPing - was Re: [Wylug-help] Possible IP subnet conflict

John Hodrien johnh at comp.leeds.ac.uk
Tue, 14 Jan 2003 12:21:43 +0000 (GMT)


On Tue, 14 Jan 2003, Gary Stainburn wrote:

> I'm just about to set up a test system to try this out.
>
> I'm going to have a Linux box on my network with IP address 10.1.1.20/16 on
> eth0.
>
> It's going to have IP address 192.168.1.1/24 on eth1 connected via a
> cross-over to another Linux box pretending to be a pair of Cisco routers,
> then via another cross-over to a destination host on 10.1.0.34 pretending to
> be their web server.
>
> Questions:
>
> Which kernel version did you use?

2.4.18-19.7.x (Redhat 7.3)

> How do I set up the ARP proxying for 10.1.0.x?

in /etc/sysctl.conf:

net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1

eth0 is the outside world in my case, and eth1 is my enclosed subnet.  ARP
proxying has nothing to do with IP, since it's lower level.  It just echoes
arp-requests and the like from one interface to another.  Otherwise when
someone is looking for a machine behind your firewall thang, no one will reply.
The request has to be passed to the inside so that they can reply.

> How can I NAT the traffic for 10.1.0.x and route it through the cisco box
> while not stuffing the rest of the 10.1.x.x network on eth0?

Shouldn't need to be NATted I don't think.  I'm somewhat confused by the
network description.  Can you do it again for my befuddled mind?

> (I need the traffic NATing so that the other end knows to return the traffic
> to my box)?

There's not necessarily any need to NAT.  I'm certainly not.

> Is this something I can configure into a Smoothwall/IPCOPs style distribution
> or do I need a cut-down RH dist for the job?

Assume you can do it with whatever, I just happened to have a RedHat box doing
nothing useful.

Sorry for that gibber, I've been a tad vague.

jh

--
"A beautiful girl and a half of Kronenbourg is the key to all the secrets of
 the universe, the solution to all our suffering, the remedy for the human
 condition..."
                                                     -- Unknown
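
Added example (not part of the original post): a small audit of a sysctl.conf-style file for the two settings quoted above, reporting whether forwarding is on and which interfaces will answer ARP on behalf of other hosts. The function names and the sample file are constructed for illustration; it assumes later entries override earlier ones, as when the file is applied top to bottom.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the two settings in the
# post. Function names and the sample file are constructed for illustration.

# Print "key value" for every setting, skipping comments; whitespace removed.
settings() {
    awk -F= '/^[[:space:]]*[#;]/ { next }
             NF == 2 { k = $1; v = $2
                       gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
                       print k, v }' "$1"
}

# Succeeds if the last net.ipv4.ip_forward entry in the file is 1.
forwarding_enabled() {
    [ "$(settings "$1" | awk '$1 == "net.ipv4.ip_forward" { v = $2 } END { print v }')" = "1" ]
}

# Interfaces whose last proxy_arp entry is 1, sorted, one per line.
# "all" means every interface: the kernel ORs conf/all with conf/<iface>.
proxy_arp_ifaces() {
    settings "$1" | awk '
        $1 ~ /^net\.ipv4\.conf\..+\.proxy_arp$/ {
            i = $1; sub(/^net\.ipv4\.conf\./, "", i); sub(/\.proxy_arp$/, "", i)
            last[i] = $2 }
        END { for (i in last) if (last[i] == "1") print i }' | sort
}

# One-line summary suitable for a config review or a cron check.
audit() {
    ifaces=$(proxy_arp_ifaces "$1" | tr '\n' ' ')
    if forwarding_enabled "$1"; then fwd=on; else fwd=off; fi
    echo "ip_forward=$fwd proxy_arp_on=${ifaces% }"
}

# Constructed sample: the post's two lines plus an override and a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# router between eth0 (outside) and eth1 (enclosed subnet)
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp=1
net.ipv4.conf.eth1.proxy_arp = 0
#net.ipv4.conf.all.proxy_arp = 1
EOF
audit "$sample"
rm -f "$sample"
```

The running kernel's values can be compared against the file by reading /proc/sys/net/ipv4/conf/<iface>/proxy_arp for each interface.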