Discussion:
Proxy Arp
James Roberson
2005-09-28 19:39:07 UTC
First some background. I have a multinat configuration working in monowall
(multiple wan IP addresses to 1 or many internal IPs) so pfsense is not so
foreign to me. I've tried setting up a similar environment in pfSense
0.85.2. For simplicity, I first tried a basic http port forwarding nat
configuration. It didn't work.

I set up a virtual IP for the external IP using proxy arp (seems like the
proxy arp and server nat settings from monowall combined). Under "NAT: Port
Forward" I set the newly created VIP to point to the internal IP (checked
the box to make the rule). Everything looks like it should work but it
doesn't. I also tried 1 to 1 with no luck.

An external ethereal cap with monowall shows monowall answering arp
requests for the virtual IP. The same external capture with pfsense shows
no arp replies from pfsense. Besides the radio button on the virtual IP
menu, is there another setting for proxy arp?

Thanks


James Roberson
Scott Ullrich
2005-09-28 19:51:45 UTC
Is choparp running on your system? ps awux | grep chop from a shell
will tell us.

Scott
James Roberson
2005-09-28 20:55:59 UTC
It's running for the VIP, vr0 is the wan (I added the x's).

root 485 0.0 0.3 1192 764 ?? Ss 1:30PM 0:00.00
/usr/local/sbin/choparp vr0 auto xxx.xxx.149.241/27
Scott Ullrich
2005-09-28 20:58:34 UTC
Well that should be responding to proxy arp. Weird. If you need
this working now change the virtual ip to a carp type. In the
meantime I'll run some tests.
James Roberson
2005-09-28 21:14:32 UTC
I think I know what's going on. I just noticed the cidr/27. Should be /32.
The subnet is /27, but I'm pretty sure this should be /32 (255.255.255.255).

I'll check.
James Roberson
TDI Library Services, Inc. (www.tdico.com)
James Roberson
2005-09-28 21:22:33 UTC
It was the subnet. Reset pfSense back to defaults, added rules (shows /32);
works now.

Thanks
James Roberson
TDI Library Services, Inc. (www.tdico.com)
Marcin Jessa
2005-09-28 21:23:43 UTC
On Wed, 28 Sep 2005 14:14:32 -0700
Post by James Roberson
I think I know what's going on. I just noticed the cidr/27. Should
be /32. The subnet is /27, but I'm pretty sure this should be /32
(255.255.255.255).
Yes, aliased IPs always use /32 if the parent IP is on the same
subnet.

Marcin.
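The check Scott asks for and Marcin's /32 rule, combined as an added shell audit (not code from the thread or from pfSense): it reads "ps awux" output and flags any choparp proxy-ARP VIP that is not /32. The ps lines and the 203.0.113.x addresses below are constructed to mirror the thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit the choparp processes that
# pfSense starts for proxy-ARP VIPs and flag any whose prefix is not /32.
set -f   # no pathname expansion: ps prints "??" in the TT column

# Constructed "ps awux" output; addresses are from a documentation range.
SAMPLE_PS='root 485 0.0 0.3 1192 764 ?? Ss 1:30PM 0:00.00 /usr/local/sbin/choparp vr0 auto 203.0.113.241/27
root 486 0.0 0.3 1192 764 ?? Ss 1:31PM 0:00.00 /usr/local/sbin/choparp vr0 auto 203.0.113.242/32
root 312 0.0 0.2 1100 640 ?? Ss 1:29PM 0:00.01 /usr/sbin/syslogd -s'

# check_choparp: read ps output on stdin and print one line per choparp
# process: "<iface> <vip> OK" for a /32 (or a bare address), otherwise
# "BAD". A wider prefix makes choparp answer ARP requests for every
# address in that block, not only the VIP. Returns 1 if any line is BAD.
check_choparp() {
  rc=0
  while read -r line; do
    case "$line" in
      *choparp*) ;;
      *) continue ;;
    esac
    set -- $line   # split the ps line into words
    # drop the ps columns up to the binary; argv is then:
    # choparp <iface> <mac|auto> <addr[/prefix]>
    while [ $# -gt 0 ] && [ "${1##*/}" != "choparp" ]; do shift; done
    iface=$2
    vip=$4
    case "$vip" in
      */*) prefix=${vip##*/} ;;
      *)   prefix=32 ;;       # no mask given: single host
    esac
    if [ "$prefix" = "32" ]; then
      echo "$iface $vip OK"
    else
      echo "$iface $vip BAD: /$prefix covers the subnet, expected /32"
      rc=1
    fi
  done
  return $rc
}

# On the firewall itself: ps awux | check_choparp
printf '%s\n' "$SAMPLE_PS" | check_choparp || echo "audit: fix the BAD VIP entries"
```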
Bill Marquette
2005-09-28 22:46:56 UTC
Hmmm, interesting. I'll look into why it's setting a /27.

--Bill