Moriah Advocate
Joined: 27 Mar 2004 Posts: 2383 Location: Kentucky
Posted: Sun May 13, 2018 12:24 am Post subject: HELP - eth1 must reply to multiple arp ip addrs - SOLVED
I have recently changed my internet connection to a block of static ip addresses connected thru a cable modem. After much testing, I have determined that the cable modem requires an arp response to an ip address or it will not pass a packet with that address from the cable modem to the attached device. In my case, that attached device is a nice iptables firewall running on a dedicated linux box. This firewall/router is my gateway to the internet. It performs static nat for all the servers on my dmz, and masquerade for workstations on my lan, which is isolated from the dmz by a choke firewall. Thus it is a classic gateway-dmz-choke-lan architecture.
The problem I am facing is that the cable modem tries to be too smart. It insists on issuing an arp request for each of the static ip addresses assigned to me, and refuses to pass packets if the associated ip address does not reply to the arp request. I have always put such devices into bridge mode in the past, but that is not possible here because the cable modem uses a tunnelling scheme to transport the static ip address to me over an ethernet segment that those static ip addresses are not part of.
So I need to find a way to get my gateway firewall to reply to arp requests for multiple ip addresses. I have never encountered anything like this before, but Linux can do anything, right?
I am hoping that the fancy new ip command, or maybe the arp command, can do what I want. I only have a block of 8 static ip addresses, and I only need to use 4 of them from the gateway/router.
Can anybody teach this old dog a new trick and explain how to do this?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.
Last edited by Moriah on Sun May 13, 2018 12:09 pm; edited 1 time in total

Moriah Advocate
Joined: 27 Mar 2004 Posts: 2383 Location: Kentucky
Posted: Sun May 13, 2018 12:08 pm Post subject:
The answer was to use the ip command to add the additional addresses to the single ethernet nic that connects to the cable modem. The command used was:
Code:
ip address add <ip_address> dev <interface>
This command needs to be issued once for each address that needs to respond to arp requests.
This causes the ethernet port on my firewall to reply to arp requests for all the specified addresses, thus satisfying the cable modem and solving the problem.
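The mechanism behind this fix, as an added example that is not part of the original post: a simplified Python model of how a host decides whether to answer an ARP request, showing that only addresses configured on the NIC get a reply. The MAC and IP values are constructed (documentation ranges) and the function names are hypothetical; nothing is sent on the wire.

```python
import socket
import struct

ETH_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa, eth_dst):
    """Return a 42-byte Ethernet frame carrying one IPv4 ARP packet."""
    eth = struct.pack("!6s6sH", eth_dst, sha, ETH_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                      socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return eth + arp

def answer_arp(frame, nic_mac, local_addrs):
    """Simplified host decision: reply only if the requested IP is configured.

    Returns the reply frame, or None when the host stays silent."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, REQUEST):
        return None
    target = socket.inet_ntoa(tpa)
    if target not in local_addrs:
        return None  # no reply: the modem in this thread then drops that address
    return build_arp(REPLY, nic_mac, target, sha, socket.inet_ntoa(spa), sha)

def reachable(block, local_addrs, nic_mac, modem_mac, modem_ip):
    """Map each address in `block` to whether this host would answer ARP for it."""
    result = {}
    for ip in block:
        req = build_arp(REQUEST, modem_mac, modem_ip, b"\x00" * 6, ip, b"\xff" * 6)
        result[ip] = answer_arp(req, nic_mac, local_addrs) is not None
    return result

# Constructed sample values: made-up MACs, RFC 5737 documentation addresses.
NIC_MAC = bytes.fromhex("020000000001")
MODEM_MAC = bytes.fromhex("0200000000fe")
MODEM_IP = "192.0.2.1"
WANTED = ["203.0.113.2", "203.0.113.3", "203.0.113.4", "203.0.113.5"]

if __name__ == "__main__":
    print("one address configured:", reachable(WANTED, {WANTED[0]}, NIC_MAC, MODEM_MAC, MODEM_IP))
    print("all four configured:   ", reachable(WANTED, set(WANTED), NIC_MAC, MODEM_MAC, MODEM_IP))
```

With only the primary address in `local_addrs`, three of the four requests go unanswered; after each address is added to the interface, every request gets a reply carrying the NIC's MAC.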

papas Tux's lil' helper
Joined: 01 Dec 2014 Posts: 141 Location: Athens
Posted: Sun May 13, 2018 6:05 pm Post subject:
Keep in mind that it is not a permanent solution; if you reboot your machine, you have to execute it again.

Moriah Advocate
Joined: 27 Mar 2004 Posts: 2383 Location: Kentucky
Posted: Mon May 14, 2018 1:24 pm Post subject:
Yes, but it is in the startup script that sets up the firewall, which runs at boot, so it's automagic.