[2.0.36] proxy ARP prob?

Jeff Garzik (jgarzik@pobox.com)
Thu, 10 Dec 1998 20:53:00 -0500 (EST)


Hopefully somebody can point out what I'm doing wrong here.
I'm trying to put a permanent entry into the ARP cache for a network,
on interface eth1. For some reason it really likes eth0 instead.

This is the next chapter in my quest to have Linux firewall my class C. :)

The idea is that I hardcode a few host entries in the ARP cache, which
are hanging off of eth1, the unprotected side of the firewall. The
protected side contains the rest of the hosts, and is hardcoded into the
ARP cache as a single network entry.

Currently there is only one host external, a router, on .1. There is a
test box on .10 hanging off of eth0. When logged into the firewall box,
I can ping .1 and .10, so I know routing works.

The problem arises with the arp commands. I add two, one host entry for
the router hanging off eth1, and one net entry for the network on eth0.
I have tried all permutations of the ARP command below, but it always
seems to turn my eth1 ARP bindings into eth0 ones.

I have tried many permutations of the arp command in the past day or
so, not just those listed below, and none of them liked eth1 very much.

Ideas or suggestions welcome. Thanks,

Jeff

Details: RedHat 5.1/Intel stock+patches, Linux 2.0.36 custom build,
Ugly EISA HP Netserver, a 486/66 I think, 3 x 3c509 cards
Once used as boss's coffee table for extended period of time.

Enclosures:
* rc.firewall script. eth0 and a network route are set up by RedHat.
* netstat -rn output (routing table)
* ifconfig -a output
* log of some arp command permutations I tried, with 'arp -an' results

----------------------------------------------------------------------

#!/bin/sh

echo Setting up firewall network config...

ifconfig eth1 207.139.10.199 netmask 255.255.255.0

echo 1 > /proc/sys/net/ipv4/ip_forward

route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
route add -host 207.139.10.1 dev eth1
route add default gw 207.139.10.1

arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth0 -s -Ds 207.139.10.0 eth0 netmask 255.255.255.0 pub

----------------------------------------------------------------------

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
207.139.10.1    0.0.0.0         255.255.255.255 UH     1500 0          0 eth1
207.139.10.0    0.0.0.0         255.255.255.0   U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         207.139.10.1    0.0.0.0         UG     1500 0          0 eth1
----------------------------------------------------------------------

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

eth0      Link encap:Ethernet  HWaddr 00:20:AF:A4:73:34
          inet addr:207.139.10.199  Bcast:207.139.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0
          TX packets:4 errors:0 dropped:0 overruns:0
          Interrupt:5 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:20:AF:1D:91:18
          inet addr:207.139.10.199  Bcast:207.139.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:697 errors:0 dropped:0 overruns:0
          TX packets:735 errors:0 dropped:0 overruns:0
          Interrupt:9 Base address:0x6000

----------------------------------------------------------------------
arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth1 -s -Ds 207.139.10.0 eth1 netmask 255.255.255.0 pub

? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:1D:91:18 [ether] netmask 255.255.255.0 PERM PUP on eth0

arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth0 -s -Ds 207.139.10.0 eth1 netmask 255.255.255.0 pub

? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.10) at 00:60:97:5A:E0:52 [ether] on eth0
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:1D:91:18 [ether] netmask 255.255.255.0 PERM PUP on eth0

arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth1 -s -Ds 207.139.10.0 eth0 netmask 255.255.255.0 pub

? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.10) at 00:60:97:5A:E0:52 [ether] on eth0
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:A4:73:34 [ether] netmask 255.255.255.0 PERM PUP on eth0

arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth0 -s -Ds 207.139.10.0 eth0 netmask 255.255.255.0 pub

? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:A4:73:34 [ether] netmask 255.255.255.0 PERM PUP on eth0
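
----------------------------------------------------------------------

Added example, not part of the original message: a Python check over the 'arp -an' log above that compares the interface requested with -i against the interface each PERM entry ended up on, and the entry's MAC against the device named after -D. The names audit, IFACE_MAC and SESSION are assumptions made for this sketch; the sample lines are copied from the post.

```python
import re

# Interface MACs as shown in the post's ifconfig output.
IFACE_MAC = {"eth0": "00:20:AF:A4:73:34", "eth1": "00:20:AF:1D:91:18"}

# Sample input: first and last command/result groups copied from the post's log.
SESSION = """\
arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth1 -s -Ds 207.139.10.0 eth1 netmask 255.255.255.0 pub
? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:1D:91:18 [ether] netmask 255.255.255.0 PERM PUP on eth0
arp -i eth0 -s -Ds 207.139.10.1 eth0 pub
arp -i eth0 -s -Ds 207.139.10.0 eth0 netmask 255.255.255.0 pub
? (207.139.10.1) at 00:C0:7B:70:85:2E [ether] on eth1
? (207.139.10.1) at 00:20:AF:A4:73:34 [ether] PERM PUP on eth0
? (207.139.10.0) at 00:20:AF:A4:73:34 [ether] netmask 255.255.255.0 PERM PUP on eth0
"""

CMD = re.compile(r"^arp\s+-i\s+(\S+)\s+-s\s+-Ds\s+(\S+)\s+(\S+)")
ENTRY = re.compile(r"^\? \(([\d.]+)\) at ([0-9A-Fa-f:]{17}) \[ether\]"
                   r"(?: netmask [\d.]+)?((?: [A-Z]+)*) on (\S+)$")

def audit(session, iface_mac=IFACE_MAC):
    """Pair each 'arp -s' request with the PERM entry listed after it."""
    findings, pending, seen_entry = [], {}, False
    for line in session.splitlines():
        cmd = CMD.match(line.strip())
        if cmd:
            if seen_entry:  # a command following output starts a new group
                pending, seen_entry = {}, False
            iface, addr, hw_dev = cmd.groups()
            pending[addr] = (iface, hw_dev)
            continue
        ent = ENTRY.match(line.strip())
        if not ent:
            continue
        seen_entry = True
        addr, mac, flags, bound = ent.groups()
        if "PERM" in flags.split() and addr in pending:
            want_if, hw_dev = pending[addr]
            findings.append({
                "addr": addr, "requested": want_if, "bound": bound,
                "iface_ok": want_if == bound,  # did -i take effect?
                "mac_ok": iface_mac.get(hw_dev, "").upper() == mac.upper(),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SESSION):
        print(f)
```

On these lines the only mismatch is the net entry requested with -i eth1, which is listed on eth0 while still carrying eth1's hardware address.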
