Hello all.

Having a few troubles with ProxyARP - Despite being configured in what looks
to be a correct manner, my server is not responding to incoming ARP queries.
Take a look:

One machine (external to this entire network) pinging 67.159.49.180, a
client on my VPN interface, tun0:
seeds:~# ping 67.159.49.180
PING 67.159.49.180 (67.159.49.180) 56(84) bytes of data.
[no responses]

My firewall machine, which is configured to proxyarp traffic between eth0
and tun0 (see later for configs):
[EMAIL PROTECTED] [/etc/openvpn]# tcpdump -i eth0 -n src 67.159.49.180 or dst 67.159.49.180
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:58:42.451208 arp who-has 67.159.49.180 tell 67.159.49.177
11:58:44.450829 arp who-has 67.159.49.180 tell 67.159.49.177
11:58:46.450709 arp who-has 67.159.49.180 tell 67.159.49.177

The output of 'arp -n' on the firewall machine:

[EMAIL PROTECTED] [~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
67.159.44.1              ether   00:D0:01:1E:50:0A   C                     eth0
67.159.49.184            *       *                   MP                    eth0
67.159.49.185            *       *                   MP                    eth0
67.159.49.186            *       *                   MP                    eth0
67.159.49.187            *       *                   MP                    eth0
67.159.49.188            *       *                   MP                    eth0
67.159.49.189            *       *                   MP                    eth0
67.159.49.190            *       *                   MP                    eth0
67.159.49.179            *       *                   MP                    eth0
67.159.49.180            *       *                   MP                    eth0
67.159.49.181            *       *                   MP                    eth0
67.159.49.182            *       *                   MP                    eth0
67.159.49.183            *       *                   MP                    eth0

My ifconfig:

[EMAIL PROTECTED] [~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
         inet addr:67.159.44.246  Bcast:67.159.44.255  Mask:255.255.255.0
         inet6 addr: fe80::2e0:4cff:fe77:854a/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:60822 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3960 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:4747174 (4.5 MiB)  TX bytes:623330 (608.7 KiB)
         Interrupt:169 Base address:0x6000

eth0:1    Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
         inet addr:66.90.117.9  Bcast:66.90.117.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         Interrupt:169 Base address:0x6000

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:116 errors:0 dropped:0 overruns:0 frame:0
         TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:12509 (12.2 KiB)  TX bytes:12509 (12.2 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
         inet addr:67.159.49.178  P-t-P:67.159.49.178  Mask:255.255.255.240
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

(tun0 is handing out IPs to clients as .179, .180, etc)

I have been given a /28 by my ISP, giving me 13 usable IPs. I've handed all
but one of these out to my clients on tun0 (except for .178, which I'm using
for hosting DNS and other things the clients should use directly).

Interestingly, the machine complaining about the lack of arp is
67.159.49.177, which is one off the beginning of my range. Perhaps related
to the 'network', 'router', and 'broadcast' addresses of my IP range?

My proxyarp configuration:

#ADDRESS        INTERFACE       EXTERNAL        HAVEROUTE       PERSISTENT
# 67.159.49.178  tun0   eth0   no  # commented out for tun0 ip use
67.159.49.179  tun0   eth0   no
67.159.49.180  tun0   eth0   no
67.159.49.181  tun0   eth0   no
67.159.49.182  tun0   eth0   no
67.159.49.183  tun0   eth0   no
67.159.49.184  tun0   eth0   no
67.159.49.185  tun0   eth0   no
67.159.49.186  tun0   eth0   no
67.159.49.187  tun0   eth0   no
67.159.49.188  tun0   eth0   no
67.159.49.189  tun0   eth0   no
67.159.49.190  tun0   eth0   no
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Can anyone figure out why a previously working configuration (it worked fine
last night!) would suddenly stop working? Why would my machine stop
responding to arp requests? Have I broken something, or
overlooked/misunderstood/misconfigured anything?

Any and all help will be greatly appreciated.

Thanks,

Jan
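
Added example (not part of the original post and not Shorewall code): a Python cross-check of a proxyarp file against 'arp -n' output, which also classifies the ARP requester's address within the tun0 subnet. The function names and the abridged sample text are constructed for illustration; the check covers published ARP entries only, not host routes or the proxy_arp kernel settings.

```python
import ipaddress

# Constructed, abridged from the post; the .181 arp row is deliberately
# left out to exercise the mismatch path (the post shows it present).
ARP_N = """\
Address        HWtype  HWaddress           Flags Mask  Iface
67.159.44.1    ether   00:D0:01:1E:50:0A   C           eth0
67.159.49.179  *       *                   MP          eth0
67.159.49.180  *       *                   MP          eth0
"""
PROXYARP = """\
#ADDRESS        INTERFACE       EXTERNAL        HAVEROUTE       PERSISTENT
# 67.159.49.178  tun0   eth0   no  # commented out for tun0 ip use
67.159.49.179  tun0   eth0   no
67.159.49.180  tun0   eth0   no
67.159.49.181  tun0   eth0   no
"""

def published(arp_text):
    """Map IP -> interface for arp rows whose flags include P (published)."""
    found = {}
    for line in arp_text.splitlines()[1:]:        # skip the header row
        f = line.split()
        if len(f) >= 5 and "P" in f[3]:           # Address HWtype HWaddress Flags Iface
            found[f[0]] = f[-1]
    return found

def configured(proxyarp_text):
    """Return (address, interface, external) for each uncommented row."""
    rows = []
    for line in proxyarp_text.splitlines():
        f = line.split("#", 1)[0].split()         # drop comments
        if len(f) >= 3:
            rows.append((f[0], f[1], f[2]))
    return rows

def audit(arp_text, proxyarp_text, tun_addr, tun_mask, requester):
    """Report configured addresses with no published entry on EXTERNAL,
    and where the ARP requester sits in the tunnel subnet."""
    net = ipaddress.ip_network(f"{tun_addr}/{tun_mask}", strict=False)
    pub = published(arp_text)
    missing = [a for a, _, ext in configured(proxyarp_text) if pub.get(a) != ext]
    req = ipaddress.ip_address(requester)
    role = ("network" if req == net.network_address else
            "broadcast" if req == net.broadcast_address else
            "host" if req in net else "outside")
    return {"network": str(net), "missing": missing, "requester_role": role}

if __name__ == "__main__":
    print(audit(ARP_N, PROXYARP, "67.159.49.178", "255.255.255.240", "67.159.49.177"))
```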