Re: how to see manually specified proxy arp entries using "ip neigh"

Julian Anastasov (ja@ssi.bg)
Sat, 20 Oct 2001 19:56:47 +0000 (GMT)


Hello,

Andrey Savochkin wrote:

> Well, what I want is to make the host an arp "proxy" on all interfaces for
> all addresses reachable through devX. I do not want to mess with how
> customer configures all other interfaces.
> Right now all routes to devX are /32, for all of them proxy arp entries are
> created by the same script, and all are happy.
>
> How can it be done better?
> New mechanism of fine-grained control over proxy arp? :-)

I can tell you what Alexey and Andrey will answer on netdev :)
Make proxyarp a route flag. When arp_filter is not suitable for filtering
non-local input routes you can also solve the problem with the route's
noarp flag (known in netdev). The proxyarp flag for route can allow
the feature to work even on one device (indev==outdev) may be for NAT
purposes), probably running send_redirects=0 (send_redirects is another
candidate for a route flags). Of course, the target hosts should filter
these ARP probes with a simple rp_filter policy, only our box should
reply. We need only space for route flags and imagination :)

Regards

--
Julian Anastasov <ja@ssi.bg>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/