Date:      Sat, 7 Oct 2000 20:20:07 -0700 (PDT)
From:      Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
To:        freebsd-doc@freebsd.org
Subject:   Re: docs/21826: ARP proxy feature lacks documentation
Message-ID:  <200010080320.UAA43992@freefall.freebsd.org>

The following reply was made to PR docs/21826; it has been noted by GNATS.

From: Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sun, 08 Oct 2000 05:14:12 +0200

 Brooks Davis wrote:
 > 
 > On Sun, Oct 08, 2000 at 03:07:22AM +0200, Bernd Luevelsmeyer wrote:
 > > Thanks. I tried that already, to no avail. The gateway answered ARP
 > > requests as intended but didn't forward the traffic, just as with 'arp
 > > -s'.
 > > Hence, the documentation issue about the /etc/rc.conf feature
 > > "arpproxy_all" remains.
 > 
 > Err, what do you want to do?  ARP proxying is just to allow a gateway to
 > lie to hosts whose idea of network layout doesn't match reality.  The
 > gateway must handle packet forwarding separately.
 
 Yes, essentially by having several interfaces and setting
 "gateway_enable" in /etc/rc.conf .
 Initially, I thought I'd get what I want by setting both
 "gateway_enable" and "arpproxy_all" to "YES". Then I realized I'd
 somehow have to configure which addresses I wanted to have proxied, and
 thought I could do that with "arp -s" commands in /etc/rc.local . With
 these three simple steps, me thought, I could get things handled quite
 easily.
 
 
 > Clearly this needs to be documented, but I'm not sure you're looking for
 > the right thing.
 
 I wanted this thing: The gateway should announce the machines on its
 "inner" interface to the "outer" interface, so that, from the outside,
 the gateway would appear to have all the inner addresses itself. So, the
 gateway would receive all the traffic that was intended for the "inner"
 machines, and it should then forward the packages to the really intended
 "inner" machines.
 
 The matter is, I couldn't get this to work. I could get the arp proxy
 functionality, or the gateway functionality; but not both at the same
 time. As soon as the proxy-arping was working, the machine wouldn't
 forward the traffic from the outside to the inside any more.
 I used 'arp -s' commands to set up the arp proxy. I also tried
 'choparp', but only shortly. I concentrated on 'arp -s' and the
 "arpproxy_all" variable in /etc/rc.conf , because I wouldn't want to
 trust a port if the system has the functionality by itself already.
 
 I assume an arp proxy on a gateway is possible. Since the arp proxy
 features of FreeBSD are not documented at all (except for a short
 sentence in rc.conf(5)), I assume that I didn't get it right because of
 a docu lack. Hence, the PR about lacking documentation.
 
 Please see the thread "arp proxy" in freebsd-questions, where Christ J.
 Clark does his best to help me. His "no docs on a sysctl switch!
 *SHOCK*" gave me the idea of creating the PR btw..
 
 
 Greetings,
 	Bernd
 

