arp_proxy does not work with static DHCP/PERM arp ?

Hello,
Yesterday after starting to use arp_proxy I've received many lines like
this (in syslog):

Sep 30 21:15:28 beta dhcpd: DHCPDISCOVER from 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPOFFER on 10.100.1.21 to 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPREQUEST for 10.100.1.21 (10.100.0.1) from 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPACK on 10.100.1.21 to 00:17:08:49:22:80 via eth1
Sep 30 21:15:29 beta dhcpd: DHCPDECLINE of 10.100.1.21 from 00:17:08:49:22:80 via eth1: not found

I have some DHCP net clients that are masqueraded and they are simply
put in dhcpd.conf like this :

host USERXXX { hardware ethernet 00:17:08:49:22:80; fixed-address 10.100.1.21; }

and with static MACaddr:

beta log # arp -an | grep 10.100.1.21
? (10.100.1.21) at 00:17:08:49:22:80 [ether] PERM on eth1

after switching:

net.ipv4.conf.all.proxy_arp = 0

to :

net.ipv4.conf.all.proxy_arp = 1

the above logs started to appear...

Naturally clients can't obtain an IP address and don't have internet access.
What's wrong? Can't I use proxy arp with static DHCP/static ARP?
Why does my DHCP server decline to assign an IP address to a host
after making my router an arp_proxy?

Here's arp fragment from my sysctl :

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 1

p.s. eth1 -> lan
eth0 -> internet

--
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;fl
ex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eje
ct;umount;makeclean; zip;split;done;exit:xargs!!;)}

--


arp_proxy does not work with static DHCP/PERM arp ?

Hello,

Wojciech Ziniewicz wrote:
> Yesterday after starting to use arp_proxy I've received many lines like
> this (in syslog):
>
> Sep 30 21:15:28 beta dhcpd: DHCPDISCOVER from 00:17:08:49:22:80 via eth1
> Sep 30 21:15:28 beta dhcpd: DHCPOFFER on 10.100.1.21 to 00:17:08:49:22:80 via eth1
> Sep 30 21:15:28 beta dhcpd: DHCPREQUEST for 10.100.1.21 (10.100.0.1) from 00:17:08:49:22:80 via eth1
> Sep 30 21:15:28 beta dhcpd: DHCPACK on 10.100.1.21 to 00:17:08:49:22:80 via eth1
> Sep 30 21:15:29 beta dhcpd: DHCPDECLINE of 10.100.1.21 from 00:17:08:49:22:80 via eth1: not found
[...]
> after switching:
>
> net.ipv4.conf.all.proxy_arp = 0
>
> to :
>
> net.ipv4.conf.all.proxy_arp = 1
>
> the above logs started to appear...
>
> Naturally clients can't obtain an IP address and don't have internet access.
> What's wrong? Can't I use proxy arp with static DHCP/static ARP?
> Why does my DHCP server decline to assign an IP address to a host
> after making my router an arp_proxy?

It's the client which declines the offered IP address, not the server.
My guess is that the client checks that the offered IP address is not
already in use by issuing an ARP request and expecting no reply. When
the router has proxy_arp enabled, it replies to the ARP request so the
client believes the IP address is in use and declines the offer.

You can check by running a packet sniffer on the client.
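
The behaviour described above appears in the server log as a DHCPACK followed almost immediately by a DHCPDECLINE for the same MAC and address. The following is an added example, not part of the original post: a Python script that correlates the two in dhcpd syslog output. The sample log (the thread's lines unwrapped plus one constructed entry), the 10-second window and the function name are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: the dhcpd lines quoted in the thread, unwrapped, plus one
# constructed DHCPACK (last line) for a client that keeps its lease.
SAMPLE_LOG = """\
Sep 30 21:15:28 beta dhcpd: DHCPDISCOVER from 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPOFFER on 10.100.1.21 to 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPREQUEST for 10.100.1.21 (10.100.0.1) from 00:17:08:49:22:80 via eth1
Sep 30 21:15:28 beta dhcpd: DHCPACK on 10.100.1.21 to 00:17:08:49:22:80 via eth1
Sep 30 21:15:29 beta dhcpd: DHCPDECLINE of 10.100.1.21 from 00:17:08:49:22:80 via eth1: not found
Sep 30 21:16:02 beta dhcpd: DHCPACK on 10.100.1.30 to 00:17:08:aa:bb:cc via eth1
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<kind>DHCPACK|DHCPDECLINE) (?:on|of) (?P<ip>\d+(?:\.\d+){3}) "
    r"(?:to|from) (?P<mac>[0-9A-Fa-f:]{17})(?: \(.*?\))? via (?P<iface>[^\s:]+)"
)

def declined_leases(log_text, window=timedelta(seconds=10)):
    """Return leases that a client declined shortly after the server ACKed them."""
    last_ack = {}   # (mac, ip) -> time of the most recent DHCPACK
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is enough for deltas.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        key = (m["mac"].lower(), m["ip"])
        if m["kind"] == "DHCPACK":
            last_ack[key] = ts
        elif key in last_ack:
            delay = ts - last_ack[key]
            if timedelta(0) <= delay <= window:
                findings.append({"mac": key[0], "ip": key[1],
                                 "iface": m["iface"],
                                 "delay_s": delay.total_seconds()})
    return findings

if __name__ == "__main__":
    for f in declined_leases(SAMPLE_LOG):
        print("{mac} declined {ip} on {iface} {delay_s:.0f}s after ACK".format(**f))
```

A hit only shows that the client rejected the address right after the ACK; confirming that an ARP reply triggered it still needs the packet capture suggested above.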

--

arp_proxy does not work with static DHCP/PERM arp ?

2007/9/30, Pascal Hambourg :
> It's the client which declines the offered IP address, not the server.
> My guess is that the client checks that the offered IP address is not
> already in use by issuing an ARP request and expecting no reply. When
> the router has proxy_arp enabled, it replies to the ARP request so the
> client believes the IP address is in use and declines the offer.
>
> You can check by running a packet sniffer on the client.
>

It looks like you are right.

What would you advise to get rid of this situation?
I suppose that turning arp_proxy on only on eth0 should work. It would be like:

net.ipv4.conf.eth0.proxy_arp = 1

regardz.

--
Wojciech Ziniewicz
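
On Linux the per-interface ARP settings are combined with the `all` entry: proxy ARP is active on an interface if either `conf/all/proxy_arp` or `conf/<iface>/proxy_arp` is set, and `arp_ignore` and `arp_announce` use the higher of the two values. The following is an added example, not part of the original thread: a Python script that computes the effective values from `sysctl`-style lines. The `eth0`/`eth1` `proxy_arp` entries in the sample are assumed defaults, since the thread does not show them.

```python
import re

# Values quoted in the thread, after all.proxy_arp was switched to 1.
# The eth0/eth1 proxy_arp lines are assumed (not shown in the thread).
SYSCTL = """\
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 1
"""

# How the kernel merges conf/all with conf/<iface> for each setting.
COMBINE = {
    "proxy_arp": lambda a, i: int(bool(a or i)),  # enabled if either is set
    "arp_ignore": max,                            # higher value wins
    "arp_announce": max,                          # higher value wins
}

KEY = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.(\w+)\s*=\s*(\d+)\s*$", re.M)

def parse(text):
    """Turn 'net.ipv4.conf.<iface>.<key> = <n>' lines into {iface: {key: n}}."""
    conf = {}
    for m in KEY.finditer(text):
        conf.setdefault(m[1], {})[m[2]] = int(m[3])
    return conf

def effective(conf):
    """Per-interface values the kernel actually applies."""
    all_ = conf.get("all", {})
    return {
        iface: {k: f(all_.get(k, 0), vals.get(k, 0)) for k, f in COMBINE.items()}
        for iface, vals in conf.items()
        if iface not in ("all", "default")
    }

if __name__ == "__main__":
    for iface, vals in sorted(effective(parse(SYSCTL)).items()):
        print(iface, vals)
```

With the sample values, `eth1` ends up with proxy ARP enabled even though its own entry is 0; limiting proxy ARP to `eth0` requires `all.proxy_arp = 0` together with `eth0.proxy_arp = 1`.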

--

arp_proxy does not work with static DHCP/PERM arp ?

Wojciech Ziniewicz wrote:
> 2007/9/30, Pascal Hambourg :
>
>>My guess is that the client checks that the offered IP address is not
>>already in use by issuing an ARP request and expecting no reply. When
>>the router has proxy_arp enabled, it replies to the ARP request so the
>>client believes the IP address is in use and declines the offer.
>
> It looks like you are right.

However, it is surprising that the router answers ARP requests for
addresses that are on the same side. This would break not only DHCP but
all ARP operation on the subnet.

> What would you advise to get rid of this situation?
> I suppose that turning arp_proxy on only on eth0 should work

I cannot give any advice without knowledge about your network layout, IP
subnets, routing tables, and what you need proxy ARP for.

--

arp_proxy does not work with static DHCP/PERM arp ?

2007/10/1, Pascal Hambourg :
> However, it is surprising that the router answers ARP requests for
> addresses that are on the same side. This would break not only DHCP but
> all ARP operation on the subnet.
>
> > What would you advise to get rid of this situation?
> > I suppose that turning arp_proxy on only on eth0 should work
>
> I cannot give any advice without knowledge about your network layout, IP
> subnets, routing tables, and what you need proxy ARP for.

It's simple. I've got 2 routers.
One is a BGP peer with the worldwide routing table that holds a C IP
class and has IP x.x.x.1.
My router/firewall/TC machine is connected directly to that router with
IP x.x.x.2.
It has 3 interfaces :
-eth0 for internet default via x.x.x.1
-eth1 for 10.0.x.x clients (DHCP assigned )
-eth2 for 10.0.x.x clients (pppoe-server assigned)

Actually 80% of the clients are masqueraded on x.x.x.2 but those who
have public IP addr are masqueraded also (DNAT/SNAT) so things like
active ftp don't work well.

I want to assign IP addresses directly to the interface of my clients
- I've been testing it for a while and it works - except for one
thing. After about 10 (?maybe less, maybe more?) minutes of
inactivity - there's no way to ping or connect to an IP addr from the
internet.

I think it has something to do with the way I assign IP addresses
statically through DHCP - my iptables and arp table are denying
customers to connect with another mac address.

So when I enable arp proxy on eth0 - everything is OK - but AFAIK
I have to enable it on eth2 and eth1 and then clients get the
"DHCPDECLINE" message.

I can provide as much info as you want (and I'm able to ;) )
Regards.

Wojtek

--
Wojciech Ziniewicz

--
