NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 



RE: [FW1] ARP under Linux





The file /etc/sysctl.conf holds run-time parameters that control various
aspects of the kernel. In this file, there are parameters that directly
relate to the use of proxy arp. The default is off. You can manipulate these
settings with the sysctl [OPTION] command. Do a man for details.

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> Steve Bridge
> Sent: Thursday, May 10, 2001 1:13 PM
> To: '[email protected]'
> Subject: [FW1] ARP under Linux
>
> > > Can anybody tell me why the Linux box doesn't reply to the
> > > arp request (FW and Linux box are on the same segment)?
> > > Is this a Linux thing?
>
> After pulling my hair out for a while with a similar
> problem, I think I can answer this.  There appear to be
> some sanity checks built into the Linux kernel that prevent
> Linux from blindly arping for just any old IP.  In my case,
> I was trying to set up hide-mode in the same way I normally
> do on NT, using a non-existent IP for the Hide address.
> (I don't like using the FW object because it clutters the log.)
> My research indicates that Linux will not arp for an address
> unless there is a route for that address - for example,
> assume the firewall is 10.1.1.254/24, and you have a route
> that says 10.1.1.1/32 -> 10.2.1.1, you can tell Linux to arp
> for 10.1.1.1 just fine.  However, if you try to tell Linux to
> proxy arp for 10.1.1.2, and there is no specific route for this,
> the Linux kernel ignores the arp.  I assume this is because it
> thinks that there would be no point in trying to do a proxy
> arp for a local IP address, since presumably the local device
> could arp for its own address.  Still looking for a workaround,
> I assume there is a kernel compile option that might disable this,
> but I haven't found it yet.
>
>  HTH,
>     Steve



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
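
Added example, not part of the original messages: a shell function that reads sysctl.conf-style text and reports the proxy ARP state it leaves each interface in. It assumes the standard Linux key `net.ipv4.conf.<interface>.proxy_arp` and the kernel rule that an interface proxies ARP when either its own value or the `all` value is set; the function name and the sample input are constructed.

```shell
#!/bin/sh
# Added example. proxy_arp_report is a hypothetical helper name and
# SAMPLE is a constructed sysctl.conf fragment, not taken from the thread.
SAMPLE='# constructed sysctl.conf fragment
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp=1
net.ipv4.conf.eth1.proxy_arp = 0
# net.ipv4.conf.eth2.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp_pvlan = 1'

# Reads sysctl.conf-format text on stdin and prints "<name> on|off" per entry.
proxy_arp_report() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)                 # spaces around "=" are allowed
            if (split(line, kv, "=") != 2) next     # not a key=value line
            # Match only the proxy_arp key, not proxy_arp_pvlan and friends.
            if (kv[1] !~ /^net\.ipv4\.conf\.[^.]+\.proxy_arp$/) next
            split(kv[1], part, "[.]")
            val[part[4]] = kv[2]                    # a later line overrides an earlier one
        }
        END {
            all_on = (("all" in val) && val["all"] != "0")
            for (name in val) {
                on = (val[name] != "0")
                # Effective state of a real interface is (own value OR all).
                if (name != "all" && name != "default" && all_on) on = 1
                printf "%s %s\n", name, (on ? "on" : "off")
            }
        }
    ' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | proxy_arp_report
```

To audit a live host, feed it the real file instead: `proxy_arp_report < /etc/sysctl.conf`. Only interfaces named in the input are listed, so an `all on` line applies to every interface on the box.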



 
   All contents © 2004 Network Presence, LLC. All rights reserved.