Date: Wed, 24 Oct 2007 11:40:44 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Stephen.Clark@seclark.us
Cc: freebsd-net@freebsd.org
Subject: Re: proxy arp on 6.1
Message-ID: <E344E5E9-EA9D-4DE0-A517-55829C94E2A8@mac.com>
In-Reply-To: <471F8C41.7030503@seclark.us>
References: <471F8C41.7030503@seclark.us>

On Oct 24, 2007, at 11:17 AM, Stephen Clark wrote:
> I must be doing something wrong. I can't seem to get proxy arp to
> work. Is there some
> magic.
>
> I have the following setup isp router 205.x.x.1 <-> 205.x.x.100/25
> rl1 freebsd vr0 205.x.x.129/25
> <-> 205.x.x.193/25

I'm not really sure what you're trying to do from the description above.

> arp -an
> (205.x.x.1) at 00:13:7f:5a:b5:50 on rl1 [ethernet]
> (205.x.x.193) at 00:30:18:a3:44:2d on vr0 permanent published
> (proxy only) [ethernet]

"proxy only" means that you're adding an ARP entry where you've already got a routing table entry in place. But if you're using the FreeBSD machine to do routing for these /25 netblocks, then you shouldn't need to use ARP proxying at all-- just tell the Cisco router to use 205.x.x.100 as the gateway for 205.x.x.128/25.

> tcpdump
> 13:09:51.386793 arp who-has 205.x.x.193 tell 205.x.x.1
>
> but there is no arp-reply from freebsd.
>
> rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=8<VLAN_MTU>
> inet 205.x.x.100 netmask 0xffffff80 broadcast 205.x.x.127
> ether 00:30:18:a3:47:a4
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active

One normally uses ARP proxying to convince the ISP's router to send traffic for machines on a publicly routable subnet to the BSD machine which then re-writes the incoming traffic via NAT for machines behind an unroutable RFC-1918 subnet.

-- 
-Chuck
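
Added example (not part of the original message): a Python sketch of the upstream router's forwarding decision, showing when it ARPs directly for the inner host (so only a proxy ARP answer would work) and when a static route via the BSD box makes proxy ARP unnecessary. All addresses are constructed from the 203.0.113.0/24 documentation range in place of the elided 205.x.x values, and the router's prefix lengths and routes are assumptions, since the thread does not show the router's configuration.

```python
import ipaddress

def next_hop(dest, connected, static_routes):
    """Longest-prefix lookup as a router would do it.
    Returns ("arp", dest) if dest is on a connected network,
    ("gateway", gw) if a static route covers it, else ("none", None)."""
    dest = ipaddress.ip_address(dest)
    candidates = []
    for net in connected:
        n = ipaddress.ip_network(net)
        if dest in n:
            candidates.append((n.prefixlen, "arp", str(dest)))
    for net, gw in static_routes.items():
        n = ipaddress.ip_network(net)
        if dest in n:
            candidates.append((n.prefixlen, "gateway", gw))
    if not candidates:
        return ("none", None)
    _, action, target = max(candidates, key=lambda c: c[0])
    return (action, target)

def delivery_mode(inner_host, bsd_outer_ip, connected, static_routes):
    """Classify how the router will try to reach a host behind the BSD box."""
    action, target = next_hop(inner_host, connected, static_routes)
    if action == "arp":
        # Router broadcasts who-has on its own segment; the inner host
        # never sees it, so only a published (proxy) ARP entry can answer.
        return "proxy-arp-required"
    if action == "gateway" and target == bsd_outer_ip:
        # Router ARPs for the BSD box's own address instead.
        return "routed-via-bsd"
    return "unreachable-or-misrouted"

# Constructed layout mirroring the thread: router .1, BSD outer .100/25,
# BSD inner .129/25, inner host .193.
BSD_OUTER = "203.0.113.100"
INNER_HOST = "203.0.113.193"

# Assumption A: router treats the whole /24 as on-link.
flat = delivery_mode(INNER_HOST, BSD_OUTER, ["203.0.113.0/24"], {})

# Assumption B: router has the lower /25 connected and a static route
# for the upper /25 via the BSD box, as the reply recommends.
routed = delivery_mode(INNER_HOST, BSD_OUTER, ["203.0.113.0/25"],
                       {"203.0.113.128/25": BSD_OUTER})

if __name__ == "__main__":
    print("flat /24 on router:", flat)
    print("static route on router:", routed)
```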