NetBSD rules - Go to the first, previous, next, last, above section, table of contents.

5.14 What is proxy-arp, how do I use it?

Imagine the following situation: you want to hook up a machine connected via a serial line to a network, and you want to reach the machine connected via that point-to-point link from the outside net.

See the picture below for an example. The problem here is that no host on the ethernet knows to forward packets destines for noon to dusk. The solution for this problem is to let dusk answer queries about noon's network (hardware) address by sending its own hardware address, and so getting noon's packets. This mechanism of advertising someone else's IP-number via the own hardware address is called proxy arp.

       |                       Ethernet
                     | SLIP/PPP

In this picture SOMEBOX is some random host, e.g. your gateway. DUSK is your machine acting as a gateway, and NOON is your friend's box connected through a serial line. You notice that the two machines need both two ip numbers. the 132.199-number for the 'outside world' traffic, the 10-net (which is by definition a non-routed network used for such internal nets only) for the point-to-point-connection between your two machines.

First, setup the PPP or SLIP connection between the two machines using either SLIP or PPP. I guess you'll get that. NOONs default-router (`/etc/mygate') will be

Make sure you can ping from NOON and from DUSK.

Next, assign the second IP-number to NOONs SLIP/PPP-interface via some 'ifconfig alias': "ifconfig sl0/ppp0 inet alias ; route add localhost" or some such.

Tell DUSK how to reach route add

Make sure you can ping from DUSK.

Next, set up DUSKs ethernet-interface properly. No big deal here, too. Your default router (`/etc/mygate') on DUSK is the usual gateway for the ethernet.

See if you can ping from NOON. Should work.

Ping some other box, e.g. SOMEBOX. From DUSK this should work, from NOON it shouldn't. (Rather, the ping should get out to the host you ping, but the ping reply won't get back to noon; try debugging with tcpdump on DUSK's le0 or sl0/ppp0).

Next, get DUSK to answer ARP-requests for NOON (this is the proxy arp thing). In order to get this work you need DUSKs ethernet-address, which you get during boot, from dmesg, from netstat -ina, or by reading the docs on your card. Then, issue the following command: arp -s <dusk's-ethernet-address>.

If I didn't forget anything, that's it. DUSK should take ip-packets meant for NOON and send them on to NOON. Try it and tell me if it works. I think you'll get how to set this up to get automated from the default `/etc/rc*'-scripts etc.

NetBSD rules - Go to the first, previous, next, last, above section, table of contents.