Proxy ARP for the purpose of NAT?
David Rohleder
davro at ics.muni.cz
Tuesday December 4 17:40:04 CET 2001
kas at informatics.muni.cz (Jan Kasprzak) writes:
> I have this problem with proxy ARP. The situation:
>
> ---[gw]---------[fw]---------[server]
> 1.2.3.1/29   1.2.3.2/29    10.0.0.2/24
>              10.0.0.1/24
>
> The goal is for some service (say http/tcp) on the server "server" to be
> reachable from outside at the address http://1.2.3.3/, with "fw" doing the
> address translation. I expected that on "fw" it would be enough to run
>
> arp -i eth0 -s 1.2.3.3 0:1:2:3:4:5 pub
>
> (where eth0 is the interface facing gw, and 0:1:2:3:4:5 is the MAC address of eth0)
> and then
>
> iptables -t nat -A PREROUTING -d 1.2.3.3 -j DNAT --to-destination 10.0.0.2
>
> The problem is that "fw" does not answer ARP queries from the router "gw",
> which asks for 1.2.3.3. In the man page for arp(8) I found that:
>
> -i If, --device If
> Select an interface. When dumping the ARP cache
> only entries matching the specified interface will
> be printed. When setting a permanent or temp ARP
> entry this interface will be associated with the
> entry; if this option is not used, the kernel will
> guess based on the routing table. For pub entries
> the specified interface is the interface on which
> ARP requests will be answered.
> NOTE: This has to be different from the interface
> to which the IP datagrams will be routed.
>
> That "NOTE" puzzles me. Why should ARP care in any way about
> which interface the request comes in on?
>
> If, instead of proxy ARP, I do something like
> ifconfig eth0:0 1.2.3.3 ... on "fw", it starts answering ARP queries.
>
> Why does proxy ARP behave this way?
>
And do you have proxy_arp enabled on the interfaces?
# cat /proc/sys/net/ipv4/conf/all/proxy_arp
--
-------------------------------------------------------------------------
David Rohleder davro at ics.muni.cz
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------