
[FW1] ARP under Linux




> > Can anybody tell me why the Linux box doesn't reply on the
> > arp request (FW and Linux box are on the same segment)?
> > Is this a Linux thing?

After pulling my hair out for a while with a similar
problem, I think I can answer this.  There appear to be
some sanity checks built into the Linux kernel that prevent
Linux from blindly arping for just any old IP.  In my case,
I was trying to set up hide-mode in the same way I normally
do on NT, using a non-existent IP for the Hide address.
(I don't like using the FW object because it clutters the log.)
My research indicates that Linux will not arp for an address
unless there is a route for that address - for example,
assume the firewall is 10.1.1.254/24, and you have a route 
that says 10.1.1.1/32 -> 10.2.1.1, you can tell Linux to arp
for 10.1.1.1 just fine.  However, if you try to tell Linux to 
proxy arp for 10.1.1.2, and there is no specific route for this, 
the Linux kernel ignores the arp.  I assume this is because it 
thinks that there would be no point in trying to do a proxy
arp for a local IP address, since presumably the local device
could arp for its own address.  Still looking for a workaround,
I assume there is a kernel compile option that might disable this,
but I haven't found it yet.

 HTH,
    Steve
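
A small model of the behaviour described in this message, added as an example and not part of the original post: it checks which planned hide or proxy addresses would get an ARP reply, given a routing table. The interface names eth0/eth1, the 10.2.1.0/24 network, and the rule that the best route must leave through a different interface than the one the request arrived on are assumptions.

```python
import ipaddress

# Constructed routing table modelled on the post's example: the firewall's
# outside interface is 10.1.1.254/24 and one host route points inward.
# Interface names and the 10.2.1.0/24 network are assumptions.
ROUTES = [
    ("10.1.1.0/24", "eth0"),  # connected network, outside interface
    ("10.2.1.0/24", "eth1"),  # connected network, inside interface
    ("10.1.1.1/32", "eth1"),  # host route 10.1.1.1 -> 10.2.1.1
]


def best_route(target, routes):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(target)
    matches = [
        (ipaddress.ip_network(net), dev)
        for net, dev in routes
        if addr in ipaddress.ip_network(net)
    ]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def would_proxy_arp(target, arrival_dev, routes):
    """Assumed rule: a proxy ARP entry for `target` is answered only when
    the best route to it leaves through an interface other than the one
    the ARP request arrived on. Returns (answered, reason)."""
    route = best_route(target, routes)
    if route is None:
        return False, "no route to target"
    net, dev = route
    if dev == arrival_dev:
        return False, f"{net} is on {dev}, where the request arrived"
    return True, f"{net} is reached via {dev}"


def audit(candidates, arrival_dev, routes):
    """Check every planned proxy/hide address in one pass."""
    return {ip: would_proxy_arp(ip, arrival_dev, routes) for ip in candidates}


if __name__ == "__main__":
    results = audit(["10.1.1.1", "10.1.1.2"], "eth0", ROUTES)
    for ip, (answered, why) in results.items():
        print(f"{ip}: {'reply' if answered else 'ignored'} ({why})")
```
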





   All contents © 2004 Network Presence, LLC. All rights reserved.