[FW1] ARP under Linux
> > Can anybody tell me why the Linux box doesn't reply on the arp request (FW and Linux box are on the same segment)?
> >
> > Is this a Linux thing?

After pulling my hair out for a while with a similar problem, I think I can answer this. There appear to be some sanity checks built into the Linux kernel that prevent Linux from blindly arping for just any old IP.

In my case, I was trying to set up hide-mode in the same way I normally do on NT, using a non-existent IP for the Hide address. (I don't like using the FW object because it clutters the log.)

My research indicates that Linux will not arp for an address unless there is a route for that address - for example, assume the firewall is 10.1.1.254/24, and you have a route that says 10.1.1.1/32 -> 10.2.1.1, you can tell Linux to arp for 10.1.1.1 just fine. However, if you try to tell Linux to proxy arp for 10.1.1.2, and there is no specific route for this, the Linux kernel ignores the arp. I assume this is because it thinks that there would be no point in trying to do a proxy arp for a local IP address, since presumably the local device could arp for its own address.

Still looking for a workaround. I assume there is a kernel compile option that might disable this, but I haven't found it yet.

HTH,
Steve