From: Chuck Swiger
Date: Wed, 24 Oct 2007 11:40:44 -0700
To: Stephen.Clark@seclark.us
Cc: freebsd-net@freebsd.org
Subject: Re: proxy arp on 6.1

On Oct 24, 2007, at 11:17 AM, Stephen Clark wrote:
> I must be doing something wrong. I can't seem to get proxy arp to
> work. Is there some magic.
>
> I have the following setup isp router 205.x.x.1 <-> 205.x.x.100/25
> rl1 freebsd vr0 205.x.x.129/25
> <-> 205.x.x.193/25

I'm not really sure what you're trying to do from the description above.

> arp -an
> (205.x.x.1) at 00:13:7f:5a:b5:50 on rl1 [ethernet]
> (205.x.x.193) at 00:30:18:a3:44:2d on vr0 permanent published
> (proxy only) [ethernet]

"proxy only" means that you're adding an ARP entry where you've
already got a routing table entry in place. But if you're using the
FreeBSD machine to do routing for these /25 netblocks, then you
shouldn't need to use ARP proxying at all-- just tell the Cisco router
to use 205.x.x.100 as the gateway for 205.x.x.128/25.

> tcpdump
> 13:09:51.386793 arp who-has 205.x.x.193 tell 205.x.x.1
>
> but there is no arp-reply from freebsd.
>
> rl1: flags=8843 mtu 1500
>         options=8
>         inet 205.x.x.100 netmask 0xffffff80 broadcast 205.x.x.127
>         ether 00:30:18:a3:47:a4
>         media: Ethernet autoselect (100baseTX )
>         status: active

One normally uses ARP proxying to convince the ISP's router to send
traffic for machines on a publicly routable subnet to the BSD machine
which then re-writes the incoming traffic via NAT for machines behind
an unroutable RFC-1918 subnet.

-- 
-Chuck
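
A model of the upstream router's next-hop choice, added here as an illustration and not part of the original message: it shows why the router broadcasts an ARP request for .193 when it treats that address as on-link, and why a static route for the second /25 via the FreeBSD box removes the need for a published proxy entry. The 203.0.113.x addresses, the router's /24 mask and the function name `router_decision` are assumptions; the thread elides the real addresses and never states the router's netmask.

```python
import ipaddress


def router_decision(connected, static_routes, target):
    """Model the router's forwarding choice for one destination.

    connected:     interface addresses in CIDR form, e.g. ["203.0.113.1/24"]
    static_routes: (prefix, gateway) pairs
    Returns ("arp", target) when the longest match is a connected network,
    ("forward", gateway) when it is a static route, ("drop", None) otherwise.
    """
    dst = ipaddress.ip_address(target)
    candidates = []
    for ifaddr in connected:
        net = ipaddress.ip_interface(ifaddr).network
        if dst in net:
            # On-link: the router resolves the target's MAC itself.
            candidates.append((net.prefixlen, "arp", dst))
    for prefix, gateway in static_routes:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            # Off-link: the router only needs the gateway's MAC.
            candidates.append((net.prefixlen, "forward",
                               ipaddress.ip_address(gateway)))
    if not candidates:
        return ("drop", None)
    # Longest prefix wins; on a tie the connected entry (listed first) is kept.
    _, action, hop = max(candidates, key=lambda c: c[0])
    return (action, str(hop))


if __name__ == "__main__":
    # Constructed stand-ins for the thread's 205.x.x addresses.
    host = "203.0.113.193"        # machine behind vr0
    bsd_outside = "203.0.113.100"  # rl1 address facing the router

    # Assumed /24 on the router: it ARPs for the host directly, so traffic
    # arrives only if the FreeBSD box answers with a published entry.
    print(router_decision(["203.0.113.1/24"], [], host))

    # Same router plus the suggested static route: the /25 is more specific,
    # so the router ARPs for the gateway and proxy ARP is unnecessary.
    print(router_decision(["203.0.113.1/24"],
                          [("203.0.113.128/25", bsd_outside)], host))

    # Router configured with a /25 and no route: the host is unreachable.
    print(router_decision(["203.0.113.1/25"], [], host))
```
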