Fw: routing problem and arp

wong alimsl@pc.jaring.my
Fri, 19 Oct 2001 18:54:47 +0800 

i can get the arp work

i have try follow http://www.sjdjweis.com/linux/proxyarp/index.html

mod_probe ip_contrack

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward

ip route del 203.112.13.0/26 dev eth0
ip route del 203.112.13.0/26 dev eth1
ip route add 203.112.13.1 dev eth0
ip route add 203.112.13.0/26 dev eth1

but when my  ip addr is not show what  corret like above url

my ip route just how

203.112.13.1 dev eth0 scope link
203.112.13.0/26 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 203.112.13.1 dev eth0

my ifcfg-eth0
address 203.115.228.11
netmask 225.225.225.192
network 203.115.11.1

ifcfg-eth1
address 203.115.228.12
netmask 225.225.225.192
network      <- blank

anyone can help ?

thanks

wong










----- Original Message -----
From: "Shin Neng Wong" <snwong@nttmsc.com.my>
To: "wong" <alimsl@pc.jaring.my>
Cc: "netfilter" <netfilter@lists.samba.org>
Sent: Friday, October 19, 2001 2:52 PM
Subject: Re: Fw: routing problem


>
>
> Read the Advanced routing Howto at:
> http://www2.ds9a.nl/2.4Routing/HOWTO//cvs/2.4routing/2.4routing-howto.html
>
> there's one section about Proxy ARP.  Basically, u should just do the
following:
>
> 1) Assign an IP address to both interfaces, the 'left' and the 'right' one
> 2) Create routes so your machine knows which hosts reside on the left, and
which
>  on the right
> 3) Turn on proxy-ARP on both interfaces, echo 1 >
> /proc/sys/net/ipv4/conf/ethL/proxy_arp,
> echo 1 > /proc/sys/net/ipv4/conf/ethR/proxy_arp,
> where L and R stand for the numbers of your interfaces on the left and on
the
> right side
>
> Since RH7.1 is using kernel 2.4.x, i guess it can be done without any
additional
>  software.  But, remember to enable IP Forwarding. :)
> U don't need Squid.
>
>
>
>
>
>
> wong <alimsl@pc.jaring.my> on 10/19/2001 03:24:23 PM
>
> To:   Shin Neng Wong/NTTMSC
> cc:   netfilter <netfilter@lists.samba.org>
>
> Subject:  Re: Fw: routing problem
>
>
>
>
> hi,,
> where can i find proxy_arp ? do i need to install ? i using linux 7.1
>
> or do i need to install socks ?
> do i need to install squid proxy server ?
>
> thanks
>
> wong
>
>
>
> ----- Original Message -----
> From: "Shin Neng Wong" <snwong@nttmsc.com.my>
> To: "wong" <alimsl@pc.jaring.my>
> Cc: <ygerman@nyc.rr.com>; "netfilter" <netfilter@lists.samba.org>
> Sent: Friday, October 19, 2001 10:58 AM
> Subject: Re: Fw: routing problem
>
>
> >
> >
> > I don't think this is a NAT issue.   it's more like a routing issue.
From
> > outside, you won't be able to ping the server, 203.112.13.21, because
the
> > gateway/router doesn't see this and the firewall doesn't response on
> behalf of
> > the web server.  Try implementing proxy-arp on the firewall itself.
> Proxy-ARP
> > allows the firewall to response to packets destined for 203.112.13.21.
,
> >
> >
> >
> >
> >
> >
> > "wong" <alimsl@pc.jaring.my> on 10/19/2001 11:46:13 AM
> >
> > To:   ygerman@nyc.rr.com
> > cc:   "netfilter" <netfilter@lists.samba.org> (bcc: Shin Neng
Wong/NTTMSC)
> >
> > Subject:  Re: Fw: routing problem
> >
> >
> >
> >
> > yes is the same netmask
> >
> > currently is
> >
> > internet isp --->   switch1 ----- >  myweb server
> > i want  it to be
> >
> > internet isp  -- > switch  1 ---> firewall ---swithch 2 -> myweb server
> >
> > becouse next time if i remove the firewall  i just have to reconnect the
> > server to switch 1,
> > and i don have to change the setting on the server.
> >
> > do you know how can it do it with NAT for this ?
> >
> > thanks
> >
> > wong
> >
> >
> >
> > > > ----- Original Message -----
> > > > From: Yury German <ygerman@nyc.rr.com>
> > > > To: wong <alimsl@pc.jaring.my>
> > > > Sent: 19 October 2001 01:44 AM
> > > > Subject: Re: routing problem
> > > >
> > > >
> > > > > At 01:54 PM 10/18/01 +0800, you wrote:
> > > > > >hi
> > > > > >
> > > > > >i have some routing setup problem using iptables
> > > > on my firewall
> > > > > >
> > > > > >external ip is  203.112.13.11 eth0
> > > > > >internal  ip is 203 .112.13.12 eth1
> > > > > >
> > > > > >gateware should be 203.112.13.1
> > > > > >
> > > > > >my webserver behind firewall is 203.112.13.21
> > > > > >
> > > > > >both ip 203.115.13.11 and 203.115.13.12 is allow
> > > > me ping from outsite
> > > > > >network and have reply response.
> > > > > >
> > > > > >what is the proper setup on route or NAT ?
> > > > >
> > > > >  From a first look at this I think that the
> > > > problem is not with the
> > > > > netfilter (iptables) but instead with the way your
> > > > network is setup and
> > > > the
> > > > > subnet masks. What are the subnet masks that you
> > > > are using for all the
> > > > > interfaces?
> > > > >
> > > > > Are the masks for the external ip and the internal
> > > > ip different?
> > > > >
> > > > >
> > > >
> > >
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Make a great connection at Yahoo! Personals.
> > > http://personals.yahoo.com
> > >
> >
> >
> >
> >
> >
>
>
>
>
>