Gentoo Forums
HELP - eth1 must reply to multiple arp ip addrs - SOLVED

Moriah
Advocate

Joined: 27 Mar 2004
Posts: 2055
Location: Kentucky

Posted: Sun May 13, 2018 12:24 am    Post subject: HELP - eth1 must reply to multiple arp ip addrs - SOLVED

I have recently changed my internet connection to a block of static ip addresses connected through a cable modem. After much testing, I have determined that the cable modem requires an arp response to an ip address or it will not pass a packet with that address from the cable modem to the attached device. In my case, that attached device is a nice iptables firewall running on a dedicated Linux box. This firewall/router is my gateway to the internet. It performs static nat for all the servers on my dmz, and masquerade for workstations on my lan, which is isolated from the dmz by a choke firewall. Thus it is a classic gateway-dmz-choke-lan architecture.

The problem I am facing is that the cable modem tries to be too smart. It insists on issuing an arp request for each of the static ip addresses assigned to me, and refuses to pass packets if the associated ip address does not reply to the arp request. I have always put such devices into bridge mode in the past, but that is not possible here because the cable modem uses a tunnelling scheme to transport the static ip address to me over an ethernet segment that those static ip addresses are not part of.

So I need to find a way to get my gateway firewall to reply to arp requests for multiple ip addresses. I have never encountered anything like this before, but Linux can do anything, right? :wink:

I am hoping that the fancy new ip command, or maybe the arp command, can do what I want. I only have a block of 8 static ip addresses, and I only need to use 4 of them from the gateway/router.

Can anybody teach this old dog a new trick and explain how to do this?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.


Last edited by Moriah on Sun May 13, 2018 12:09 pm; edited 1 time in total

Moriah
Advocate

Joined: 27 Mar 2004
Posts: 2055
Location: Kentucky

Posted: Sun May 13, 2018 12:08 pm

The answer was to use the ip command to add the additional addresses to the single ethernet nic that connects to the cable modem. The command used was:

Code:

ip address add <ip_address> dev <interface>


This command needs to be issued once for each address that needs to respond to arp requests.

This causes the ethernet port on my firewall to reply to arp requests for all the specified addresses, thus satisfying the cable modem and solving the problem.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

papas
n00b

Joined: 01 Dec 2014
Posts: 59
Location: Athens

Posted: Sun May 13, 2018 6:05 pm

Keep in mind that it is not a permanent solution; if you reboot your machine, you have to execute it again.

Moriah
Advocate

Joined: 27 Mar 2004
Posts: 2055
Location: Kentucky

Posted: Mon May 14, 2018 1:24 pm

Yes, but it is in the startup script that sets up the firewall, which runs at boot, so it's automagic. 8)
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.
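
An added example, not taken from any post in this thread: an idempotent way to run the `ip address add` step from a firewall startup script, so that re-running the script does not fail on addresses that are already configured. The interface name `eth1` comes from the thread title; the addresses (documentation range 203.0.113.0/24), the `/32` prefix, and the function names `plan_addr_cmds`, `sample_current` and `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Idempotent helper for a firewall startup script: emit `ip address add`
# only for addresses that are not yet configured on the WAN interface.
# IFACE, PREFIX and ADDRS are constructed placeholders; substitute the
# static block assigned by the ISP.
IFACE="eth1"
PREFIX="32"   # `ip address add <ip>` with no prefix defaults to /32 for IPv4
ADDRS="203.0.113.2 203.0.113.3 203.0.113.4 203.0.113.5"

# plan_addr_cmds IFACE PREFIX ADDR...
# Reads `ip -o -4 address show dev IFACE` output on stdin and prints one
# `ip address add` command for every requested address that is missing.
plan_addr_cmds() {
    iface=$1
    prefix=$2
    shift 2
    # Field 4 of the one-line format is ADDRESS/PREFIX; keep the address part.
    have=$(awk '{ split($4, a, "/"); print a[1] }')
    for addr in "$@"; do
        if printf '%s\n' "$have" | grep -qxF -- "$addr"; then
            continue    # already configured, so it already answers ARP
        fi
        printf 'ip address add %s/%s dev %s\n' "$addr" "$prefix" "$iface"
    done
}

# Constructed sample of `ip -o -4 address show dev eth1` output.
sample_current() {
    cat <<'EOF'
3: eth1    inet 203.0.113.2/32 scope global eth1\       valid_lft forever preferred_lft forever
3: eth1    inet 203.0.113.4/32 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# Dry run against the sample: prints only the commands still needed.
demo() {
    # $ADDRS is intentionally unquoted so it splits into separate arguments.
    sample_current | plan_addr_cmds "$IFACE" "$PREFIX" $ADDRS
}

demo

# On the real gateway (as root), apply instead of printing:
#   ip -o -4 address show dev "$IFACE" \
#     | plan_addr_cmds "$IFACE" "$PREFIX" $ADDRS | sh -e
```

Printing the plan before piping it to `sh -e` gives a reviewable list of what the startup script will change on the gateway's external interface.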