Jan Mulders wrote:
> Hello all.
>
> Having a few troubles with ProxyARP - Despite being configured in what
> looks to be a correct manner, my server is not responding to incoming ARP
> queries. Take a look:
>
> One machine (external to this entire network) pinging 67.159.49.180, a
> client on my VPN interface, tun0:
> seeds:~# ping 67.159.49.180
> PING 67.159.49.180 (67.159.49.180) 56(84) bytes of data.
> [no responses]
>
> My firewall machine, which is configured to proxyarp traffic between eth0
> and tun0 (see later for configs):
> [EMAIL PROTECTED] [/etc/openvpn]# tcpdump -i eth0 -n src 67.159.49.180 or dst 67.159.49.180
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 11:58:42.451208 arp who-has 67.159.49.180 tell 67.159.49.177
> 11:58:44.450829 arp who-has 67.159.49.180 tell 67.159.49.177
> 11:58:46.450709 arp who-has 67.159.49.180 tell 67.159.49.177
>

From where I am, I can ping 67.159.49.177 and .178 only

> The output of 'arp -n' on the firewall machine:
>
> [EMAIL PROTECTED] [~]# arp -n
> Address          HWtype  HWaddress           Flags Mask  Iface
> 67.159.44.1      ether   00:D0:01:1E:50:0A   C           eth0
> 67.159.49.184    *       *                   MP          eth0
> 67.159.49.185    *       *                   MP          eth0
> 67.159.49.186    *       *                   MP          eth0
> 67.159.49.187    *       *                   MP          eth0
> 67.159.49.188    *       *                   MP          eth0
> 67.159.49.189    *       *                   MP          eth0
> 67.159.49.190    *       *                   MP          eth0
> 67.159.49.179    *       *                   MP          eth0
> 67.159.49.180    *       *                   MP          eth0
> 67.159.49.181    *       *                   MP          eth0
> 67.159.49.182    *       *                   MP          eth0
> 67.159.49.183    *       *                   MP          eth0

Can you ping .177 from the firewall?

>
> My ifconfig:
>
> [EMAIL PROTECTED] [~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
>           inet addr:67.159.44.246  Bcast:67.159.44.255  Mask:255.255.255.0
>           inet6 addr: fe80::2e0:4cff:fe77:854a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:60822 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3960 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:4747174 (4.5 MiB)  TX bytes:623330 (608.7 KiB)
>           Interrupt:169 Base address:0x6000
>
> eth0:1    Link encap:Ethernet  HWaddr 00:E0:4C:77:85:4A
>           inet addr:66.90.117.9  Bcast:66.90.117.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:169 Base address:0x6000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:116 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:12509 (12.2 KiB)  TX bytes:12509 (12.2 KiB)
>
> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:67.159.49.178  P-t-P:67.159.49.178  Mask:255.255.255.240
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> (tun0 is handing out IPs to clients as .179, .180, etc)
>
> I have been given a /28 by my ISP, giving me 13 usable IPs. I've handed all
> but one of these out to my clients on tun0 (except for .178, which I'm
> using for hosting DNS and other things the clients should use directly).
>
> Interestingly, the machine complaining about the lack of arp is
> 67.159.49.177, which is one off the beginning of my range. Perhaps related
> to the 'network', 'router', and 'broadcast' addresses of my IP range?
>

What is .177? The router/gateway for the rest of the lan?

> My proxyarp configuration:
>
> #ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
> # 67.159.49.178 tun0       eth0      no  # commented out for tun0 ip use
> 67.159.49.179   tun0       eth0      no
> 67.159.49.180   tun0       eth0      no
> 67.159.49.181   tun0       eth0      no
> 67.159.49.182   tun0       eth0      no
> 67.159.49.183   tun0       eth0      no
> 67.159.49.184   tun0       eth0      no
> 67.159.49.185   tun0       eth0      no
> 67.159.49.186   tun0       eth0      no
> 67.159.49.187   tun0       eth0      no
> 67.159.49.188   tun0       eth0      no
> 67.159.49.189   tun0       eth0      no
> 67.159.49.190   tun0       eth0      no
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> Can anyone figure out why a previously working configuration (it worked
> fine last night!) would suddenly stop working? Why would my machine stop
> responding to arp requests? Have I broken something, or

arp cache maybe?

> overlooked/misunderstood/misconfigured anything?
>
> Any and all help will be greatly appreciated.

Maybe, need a better understanding of your layout. .180's gateway is set to
what? What does ip route ls look like? Better yet how about a dump?

Jerry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
