Hello!
I'm having a problem with proxy arp. In short, I can't make it work:
# ifconfig eth0 2.2.2.2
# arp -Ds 2.2.2.3 eth0 pub
# arp -an
? (2.2.2.3) at * PERM PUP on eth0
# tcpdump -n arp
16:08:29.828977 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:30.314221 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:31.837216 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:32.272723 B arp who-has 2.2.2.3 tell 2.2.2.254
#
OK, can anybody tell me why there are no arp replies? I'm expecting to see:
16:08:29.833205 > arp reply 2.2.2.3 (0:3:2d:0:5:90) is-at 0:3:2d:0:5:90 (0:d0:c0:a9:b0:0)
The application: this is a firewall, using NAT. I'm trying to give some
folks behind the firewall full access to the world, and vice versa. Yes,
this is not good, security-wise, but customers get what customers want.
The machines behind the firewall can't use the automatic proxy arp
feature in the kernel because their IPs aren't real, and wouldn't make
much sense on the outside.
The solution I want to use:
IP3=2.2.2.3
arp -Ds 2.2.2.3 eth0 pub
iptables -A PREROUTING -t nat -d $IP3 -j DNAT --to 10.10.10.191
iptables -A POSTROUTING -t nat -s 10.10.10.191 -j SNAT --to-source $IP3
The solution I have to use:
IP3=2.2.2.3
ifconfig eth0:3 $IP3
iptables -A PREROUTING -t nat -d $IP3 -j DNAT --to 10.10.10.191
iptables -A POSTROUTING -t nat -s 10.10.10.191 -j SNAT --to-source $IP3
This is the only way I can see of getting arp replies to be sent, and
it looks evil.
I saw 'Proxy ARP for Linux', http://www.sjdjweis.com/linux/proxyarp/
but it doesn't use the 'arp' command.
I saw http://www.uwsg.indiana.edu/hypermail/linux/kernel/0004.0/0909.html
but I don't need to set random mac addresses, although that would be neat.
I saw http://www.uwsg.indiana.edu/hypermail/linux/kernel/9901.0/0252.html
but I don't need netmasks for my arp command, although that would
solve a different problem I had once upon a time.
I'm using RedHat 6.2, and 'arp --version' says
net-tools 1.50
arp 1.85 (1999-01-05)
I'm assuming that since 'arp -an' shows the entry, the Linux kernel
got the information, and the bug is in the kernel.
In short, is this a bug? Or am I doing something wrong?
--
N Fudd -- nfudd@xxxxxxxxxxxx
I heard that if you play the Windows CD backward, you get a satanic message.
But that's nothing compared to when you play it forward: It installs Windows.
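An added diagnostic for the symptom in the post, not part of the original message: it parses old-style `tcpdump -n arp` output, pairs who-has requests with is-at replies per target address, and reports which published addresses were asked for but never answered. The capture below is constructed from the lines in the post plus a hypothetical reply for 2.2.2.2 so both paths are exercised.

```python
import re
from collections import defaultdict

# Constructed sample in the old tcpdump ARP format shown in the post.
# The last two lines (a request and reply for 2.2.2.2) are hypothetical,
# added so the reply-parsing path is exercised as well.
SAMPLE_CAPTURE = """\
16:08:29.828977 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:30.314221 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:31.837216 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:32.272723 B arp who-has 2.2.2.3 tell 2.2.2.254
16:08:33.100000 B arp who-has 2.2.2.2 tell 2.2.2.254
16:08:33.104000 > arp reply 2.2.2.2 (0:3:2d:0:5:90) is-at 0:3:2d:0:5:90 (0:d0:c0:a9:b0:0)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
WHO_HAS = re.compile(r"arp who-has " + IP + r" tell " + IP)
# Optional "(mac)" after the IP covers the old format that prints both
# hardware addresses around "is-at".
REPLY = re.compile(r"arp reply " + IP + r"(?: \([0-9a-f:]+\))? is-at ([0-9a-f:]+)")

def summarize_arp(capture):
    """Count who-has requests and is-at replies per target IP, keeping the MACs seen."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "macs": set()})
    for line in capture.splitlines():
        m = WHO_HAS.search(line)
        if m:
            stats[m.group(1)]["requests"] += 1
            continue
        m = REPLY.search(line)
        if m:
            stats[m.group(1)]["replies"] += 1
            stats[m.group(1)]["macs"].add(m.group(2))
    return dict(stats)

def unanswered(capture, published):
    """Published addresses that were asked for at least once but never answered."""
    stats = summarize_arp(capture)
    return sorted(ip for ip in published
                  if ip in stats
                  and stats[ip]["requests"] > 0
                  and stats[ip]["replies"] == 0)

if __name__ == "__main__":
    for ip, s in sorted(summarize_arp(SAMPLE_CAPTURE).items()):
        print(f"{ip}: {s['requests']} who-has, {s['replies']} is-at, macs={sorted(s['macs'])}")
    print("unanswered:", unanswered(SAMPLE_CAPTURE, ["2.2.2.3", "2.2.2.2"]))
```

Feeding real `tcpdump -n arp` output to `unanswered()` with the list of `arp ... pub` entries gives a quick yes/no on whether the kernel is actually answering for each published address; a MAC set with more than one entry for the same IP is worth a look too, since it means two hosts are claiming it.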