Date:      Fri, 6 Oct 2000 10:54:42 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: arp proxy
Message-ID:  <20001006105442.A62974@149.211.6.64.reflexcom.com>
In-Reply-To: <39DDDA7F.68AD47A2@heitec.net>; from bernd.luevelsmeyer@heitec.net on Fri, Oct 06, 2000 at 03:58:23PM +0200
References:  <39DC78C8.A3CF4F56@heitec.net> <20001005205137.L25121@149.211.6.64.reflexcom.com> <39DDDA7F.68AD47A2@heitec.net>

On Fri, Oct 06, 2000 at 03:58:23PM +0200, Bernd Luevelsmeyer wrote:
> Crist J . Clark wrote:
> > 
> > On Thu, Oct 05, 2000 at 02:49:12PM +0200, Bernd Luevelsmeyer wrote:
> > > Hi,
> > >
> > >
> > > I need to set up an "arp proxy"; at least I think that's what I need.
> > > The situation is: I've got a combined gateway/firewall machine (FreeBSD
> > > 4.1-Stable), but my provider declares himself unable to direct my
> > > subnet's traffic to that gateway. Instead, he insists on addressing each
> > > of my machines directly, with individual ARPs for each address. So I
> > > think my gateway machine needs to answer all the ARP requests for my
> > > subnet with its own MAC address, and then forward the IP packets it
> > > receives.
> > 
> > man 4 bridge
> 
> I know how to configure a bridge; in fact, the machine is currently
> running as a bridge, exactly because I couldn't get the arp proxy to
> run. I think I mentioned that in my original mail:
> "Right now I've configured the gateway as a bridge, and that works; but
> I don't like that. So, how do I set up an ARP proxy correctly?"

Oops. Missed that somehow.

> Hence, I don't desperately need something right now to get the network
> running, the bridge is operating just fine. I would however like to
> replace the bridge with an ARP proxy, so I'm interested if FreeBSD is
> able to work as an ARP proxy at all, and if it is: how. Just enabling
> 'arpproxy_all' in /etc/rc.conf definitely isn't enough.

Hmmm... I don't think that is what an ARP proxy does (at least not in
FreeBSD). I can't seem to find docs on it (no docs on a sysctl switch!
*SHOCK*), so "I'll use the source, Luke."

If you track down the proxy code, you will find yourself in,

  /usr/src/sys/netinet/if_ether.c

Which has helpful comments like,

                        /*
                         * Don't send proxies for nodes on the same interface
                         * as this one came out of, or we'll get into a fight
                         * over who claims what Ether address.
                         */

Huh? But if I am not mistaken, all an ARP proxy is going to do is
reply to ARP requests... And that does not get you far. You'd still
need to figure out how to get frames over the bridge or packets over a
router to the machines behind the firewall.

I don't have your full email easily accessible, so I may again be
suggesting something you have already tried or thought of, but is
there a reason not to use NAT and redirect your addresses to machines
behind the firewall? (I would venture to guess that if you start
playing with ARP proxies you would end up building your own NAT system,
but it will be more work and a kludge compared to just using
natd(8).)
-- 
Crist J. Clark                           cjclark@alum.mit.edu
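
The rule in the source comment quoted above, as a simplified model added here; it is not part of the original message and not the FreeBSD kernel code. The routing table, interface numbers and addresses are constructed for illustration, and the function names are hypothetical.

```c
/* Simplified model of the "same interface" proxy-ARP rule.
 * Not kernel code; all routes and addresses are constructed samples. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct route { uint32_t net; uint32_t mask; int ifindex; };

/* Constructed table: if 0 faces the provider, if 1 faces the inside hosts. */
static const struct route routes[] = {
    { IP(192,0,2,0),  0xFFFFFF00u, 0 },  /* the /24 as seen on the outside wire */
    { IP(192,0,2,16), 0xFFFFFFF0u, 1 },  /* inside /28 carved out of that /24 */
};

/* Longest-prefix match: returns the outgoing interface, or -1 if no route. */
static int route_ifindex(uint32_t dst)
{
    int best = -1;
    uint32_t best_mask = 0;
    for (size_t i = 0; i < sizeof routes / sizeof routes[0]; i++) {
        if ((dst & routes[i].mask) == routes[i].net &&
            (best < 0 || routes[i].mask > best_mask)) {
            best = routes[i].ifindex;
            best_mask = routes[i].mask;
        }
    }
    return best;
}

/* Returns 1 if a proxy reply should be sent for an ARP request for
 * `target` that arrived on interface `rcv_if`, 0 otherwise. */
static int should_proxy_arp(int rcv_if, uint32_t target)
{
    int out_if = route_ifindex(target);
    if (out_if < 0)
        return 0;   /* no route: answering would black-hole the traffic */
    if (out_if == rcv_if)
        return 0;   /* same wire: the real host answers for itself */
    return 1;       /* target is reached through another interface */
}

int main(void)
{
    printf("outside asks for inside host: %d\n", should_proxy_arp(0, IP(192,0,2,20)));
    printf("outside asks for outside host: %d\n", should_proxy_arp(0, IP(192,0,2,100)));
    return 0;
}
```

In this model a proxy reply depends on a route that points the target out of a different interface than the one the request arrived on, so the proxy setting alone answers nothing until such routes exist.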

