
Duplicate IPs using proxy_arp

To: netfilter@lists.netfilter.org
Subject: Duplicate IPs using proxy_arp
From: "Ing. Rogelio Sevilla Fernandez" <sevilla@col.gob.mx>
Date: Sat, 25 Nov 2006 12:47:36 -0600

This is the scenario..
I have a public IP segment... 148.235.x.x/28
I have my private IP segment 10.10.1.0/24

One of my public IPs is used on my router. (148.235.x.97/28)

I read about proxy ARP as a way to split my public network in two without changing the config of my machines.

So, this is my Linux..

eth0=148.235.x.103/28
eth1=10.10.1.1/24
eth2=148.235.70.103/28

The eth1 and eth2 are connected to the same switch. eth0 is connected to the router.

So.. I did:
ip route del 148.235.x.x/28 dev eth0
ip route del 148.235.x.x/28 dev eth2
ip route add 148.235.x.97 dev eth0
ip route add 148.235.x.x/28 dev eth2
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 2 > /proc/sys/net/ipv4/conf/eth2/proxy_arp

The machines with the public IPs are working well, but I have problems with my network 10.10.1.0/24. The machines are reporting duplicated IPs.. I read that I need to filter ARP requests.. so I use this in my sysctl.conf:
net.ipv4.conf.all.arp_filter=2
net.ipv4.conf.default.arp_filter = 1
net.ipv4.conf.eth0.arp_filter=1
net.ipv4.conf.eth1.arp_filter=1
net.ipv4.conf.eth2.arp_filter=1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth1.arp_ignore=1
net.ipv4.conf.eth2.arp_ignore=1
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.eth0.arp_announce=2
net.ipv4.conf.eth1.arp_announce=2
net.ipv4.conf.eth2.arp_announce=2

I apply the parameters using sysctl -p
and when a machine connects to the network, I saw this in the ARP tables:

10.10.1.188 ether 00:04:23:CB:00:CA C eth2
10.10.1.188 ether 00:12:17:98:C2:5F C eth1

00:04:23:CB:00:CA   is the MAC of the eth1 NIC.
00:12:17:98:C2:5F   is the real MAC of my client.


But I am still having duplicated IPs.

How can I fix that?

Thanks.



--
Ing. Rogelio C. Sevilla Fernández
Dirección de Desarrollo Telemático / Secretaria de Administración
Tel (312)3162062 / (312)3162000 ext 2360
Gobierno del Estado de Colima.

-----------------------------------------------------
 "2006, AÑO DEL BICENTENARIO DEL NATALICIO DEL LIC.
    BENITO JUAREZ BENEMERITO DE LAS AMERICAS"
-----------------------------------------------------
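
An added example, not part of the original message: a shell function that reads ARP cache lines in the layout shown in the post and reports every IP address mapped to more than one MAC, marking whether each MAC belongs to one of the host's own NICs. The function name, the `LOCAL_MACS` list and the sample input are assumptions constructed from the values in the message.

```shell
#!/usr/bin/env bash
# Added example: flag IPv4 addresses that the ARP cache maps to more than one MAC.
# Expected columns, as in the message: IP, hw type, MAC, flags, ..., interface (last).

# Constructed sample: the two cache entries quoted in the message.
SAMPLE_ARP='10.10.1.188 ether 00:04:23:CB:00:CA C eth2
10.10.1.188 ether 00:12:17:98:C2:5F C eth1'

# Hypothetical inventory of this host's own NIC MACs (assumption: it holds only
# the MAC that the message attributes to a local NIC).
LOCAL_MACS='00:04:23:CB:00:CA'

# find_arp_conflicts <arp-table-text> <space-separated local MACs>
# Prints one line per conflicting entry: IP MAC IFACE local|foreign
find_arp_conflicts() {
  printf '%s\n' "$1" | awk -v locals="$2" '
    BEGIN {
      n = split(toupper(locals), l, /[ \t\n]+/)
      for (i = 1; i <= n; i++) if (l[i] != "") is_local[l[i]] = 1
    }
    # Skip headers and incomplete entries: field 3 must look like a MAC.
    length($3) == 17 && split($3, parts, ":") == 6 {
      ip = $1; mac = toupper($3)
      if (!((ip, mac) in seen)) {
        seen[ip, mac] = 1
        macs[ip]++                      # distinct MACs seen for this IP
        order[++rows] = ip SUBSEP mac SUBSEP $NF
      }
    }
    END {
      for (r = 1; r <= rows; r++) {
        split(order[r], f, SUBSEP)
        if (macs[f[1]] > 1)
          print f[1], f[2], f[3], ((f[2] in is_local) ? "local" : "foreign")
      }
    }'
}

find_arp_conflicts "$SAMPLE_ARP" "$LOCAL_MACS"
```

A conflicting entry tagged `local` means one of the host's own interfaces is being recorded for another machine's address, which separates a local ARP configuration problem from a second device on the wire using the same IP.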


