proxy ARPing - was Re: [Wylug-help] Possible IP subnet conflict

Jim Jackson jj at comp.leeds.ac.uk
Tue, 14 Jan 2003 15:53:58 +0000 (GMT)


On Tue, 14 Jan 2003, John Hodrien wrote:

> On Tue, 14 Jan 2003, Gary Stainburn wrote:
>
> > How do I set up the ARP proxying for 10.1.0.x?
>
> in /etc/sysctl.conf:
>
> net.ipv4.ip_forward = 1
> net.ipv4.conf.eth0.proxy_arp = 1
>
> eth0 is the outside world in my case, and eth1 is my enclosed subnet.  ARP
> proxying has nothing to do with IP, since it's lower level.  It just echoes
> arp-requests and the like from one interface to another.  Otherwise when
> someone is looking for a machine behind your firewall thang, no one will reply.
> The request has to be passed to the inside so that they can reply.

whoa there.

The firewall actually answers the ARP request, giving its own MAC
address. The original arper then sends any IP packets for the thing on
the other side of the firewall direct to the firewall.

It can't just relay the ARP without acting as a bridge/switch, which you
need bridging software for (it exists).

Gary, you should be OK.

>
> > How can I NAT the traffic for 10.1.0.x and route it through the cisco box
> > while not stuffing the rest of the 10.1.x.x network on eth0?
>
> Shouldn't need to be NATted I don't think.  I'm somewhat confused by the
> network description.  Can you do it again for my befuddled mind?
>
> > (I need the traffic NATing so that the other end knows to return the traffic
> > to my box)?
>
> There's not necessarily any need to NAT.  I'm certainly not.
>
> > Is this something I can configure into a Smoothwall/IPCOPs style distribution
> > or do I need a cut-down RH dist for the job?
>
> Assume you can do it with whatever, I just happened to have a RedHat box doing
> nothing useful.
>
> Sorry for that gibber, I've been a tad vague.
>
> jh
>
> --
> "A beautiful girl and a half of Kronenbourg are the key to all the secrets of
>  the universe, the solution to all our sufferings, the remedy for the human
>  condition..."
>                                                      -- Unknown
>
>
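The behaviour Jim describes above (the firewall answers the ARP request itself with its own MAC, rather than relaying it), as an added example that is not part of the original thread. The MAC addresses, the outside host 10.1.5.20, the `10.1.0.0/24` prefix and the function names are constructed for illustration, and the "target is in the inside network" test is an assumption standing in for the kernel's routing lookup.

```python
import ipaddress
import struct

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def build_request(sender_mac, sender_ip, target_ip):
    """who-has broadcast seen on the outside segment (target MAC unknown, all zeros)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes(6), ipaddress.IPv4Address(target_ip).packed)

def proxy_arp_reply(request, proxy_mac, inside_net):
    """Reply a proxy-ARP host would send on the outside interface, or None.

    Nothing is relayed to the inside segment: the proxy answers for the
    inside address itself and puts its OWN MAC in the sender field.
    """
    if len(request) != struct.calcsize(ARP_FMT):
        return None                                   # truncated or padded payload
    htype, ptype, hlen, plen, oper, sha, spa, _, tpa = struct.unpack(ARP_FMT, request)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None                                   # not an Ethernet/IPv4 who-has
    # Assumption: "target is in inside_net" stands in for the kernel's route lookup.
    if ipaddress.IPv4Address(tpa) not in ipaddress.ip_network(inside_net):
        return None                                   # not ours to answer for
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       bytes.fromhex(proxy_mac.replace(":", "")), tpa,  # claimed IP, proxy's MAC
                       sha, spa)                      # addressed back to the asker

def parse(packet):
    """Decode an ARP payload into readable fields."""
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet)
    return {"oper": oper,
            "sender_mac": sha.hex(":"), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": tha.hex(":"), "target_ip": str(ipaddress.IPv4Address(tpa))}

if __name__ == "__main__":
    # Constructed sample values: outside host asks for an address on the 10.1.0.x side.
    req = build_request("02:00:00:00:00:aa", "10.1.5.20", "10.1.0.7")
    print(parse(proxy_arp_reply(req, "02:00:00:00:00:01", "10.1.0.0/24")))
```

On the outside segment the asker's ARP cache therefore shows the firewall's MAC for every proxied 10.1.0.x address, so several IPs mapping to one MAC is the expected picture with proxy ARP enabled.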