What is proxy arp?
When you turn on proxy arp for a network interface card (nic), it will answer all arp requests with its own MAC address. What does this mean?
- When a computer wants to send an ip packet, it first decides whether the destination ip address is on the same LAN or whether the packet must be sent to a router (which must be on the same LAN).
- Before it can deliver the packet to the LAN, it must know the recipient's Ethernet MAC address.
- In order to determine the MAC address it sends an ARP broadcast packet to the LAN asking "who has ip address a.b.c.d".
- Normally only the computer with that ip address answers.
- Proxy arp changes that: A computer doing proxy arp answers all ARP requests with its own MAC address.
- The asking computer receives the MAC address and sends the packet to that computer.
When do you need proxy arp?
Proxy arp is a solution if, for some reason, you cannot configure a computer or other device on the LAN to use your computer as its gateway, so that it keeps using another gateway or keeps delivering all packets locally to the LAN.
How is it turned on with Linux?
With one simple command: Let's say your nic is eth1. The command would then be this:
# echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Turning it off again is done by:
# echo 0 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Checking whether it's turned on:
# cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
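Checking every interface at once (an added example, not part of the original post): the kernel treats proxy arp as enabled on an interface if either that interface's own proxy_arp file or the one under conf/all is set, so looking at a single file can miss it. The function name proxy_arp_report and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the effective proxy arp state of every interface.
# Effective state = conf/<iface>/proxy_arp OR conf/all/proxy_arp.
# The optional argument (hypothetical, for this example) lets the function
# run against a constructed directory tree instead of the live /proc.

proxy_arp_report() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"

    # Global switch: a non-zero value here enables proxy arp everywhere.
    all=0
    if [ -r "$conf_root/all/proxy_arp" ]; then
        all=$(cat "$conf_root/all/proxy_arp") || all=0
    fi

    for dir in "$conf_root"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are settings templates, not real interfaces.
        case "$iface" in
            all|default) continue ;;
        esac
        [ -r "$dir/proxy_arp" ] || continue
        own=$(cat "$dir/proxy_arp") || continue

        if [ "$own" != "0" ] || [ "$all" != "0" ]; then
            echo "$iface on"
        else
            echo "$iface off"
        fi
    done
    return 0
}

# Run against the live system when executed directly.
proxy_arp_report "$@"
```

Any interface reported as "on" that you did not deliberately configure is worth a second look, since that machine will receive traffic meant for other hosts on the LAN.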