From: Tom E. <te...@sh...> - 2003-03-25 15:20:26
On Tue, 25 Mar 2003, Tom Eastep wrote:

>
> This is a network driver or hardware problem (cable, switch, etc.) -- it
> has absolutely nothing to do with Proxy ARP since communication between
> your client and the firewall doesn't involve proxy arp.
>

I guess that I should modify that statement slightly -- in the case of pinging the external firewall interface, the client sends an ARP "who-has" for that address (since it is in the client's configured subnetwork). Once that ARP request has been answered and the result cached (MAC address is that of the firewall interface facing the client), Proxy ARP is out of the picture until the just-created cache entry expires. So if you suffer packet loss in the meantime, it has nothing to do with Proxy ARP (or any form of ARP for that matter).

Pinging the internal interface works basically the same way except that the client will ARP for its default gateway rather than for the firewall's external IP address (assuming that the two are different).

Temporarily reconfigure the client to have address 192.168.2.2 with gateway 192.168.2.1 and see if you don't get the same behavior. Once you have that working correctly then go back to the Proxy ARP configuration.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ te...@sh...
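
An added example, not part of the original message: a small shell check that applies the reasoning above by comparing the client's neighbor-cache entry for the gateway before and after a ping run, so that loss seen while the entry stays resolved to the firewall's MAC is attributed to the driver or hardware rather than to ARP. It assumes a Linux client with iproute2 (`ip neigh show`) and iputils `ping`; the MAC addresses, interface name and captured output are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.
# On a real client, capture with:  ip neigh show   and   ping -c 20 192.168.2.1
GW_IP='192.168.2.1'
FW_MAC='02:00:00:00:00:01'   # assumed MAC of the firewall interface facing the client
BEFORE='192.168.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.2.7 dev eth0 lladdr 02:00:00:00:00:07 STALE'
AFTER='192.168.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.2.7 dev eth0  FAILED'
PING_SUMMARY='20 packets transmitted, 14 received, 30% packet loss, time 19030ms'

# Print the cached MAC for an IP in an `ip neigh show` snapshot.
# Prints nothing when the entry is absent or unresolved (no lladdr field).
neigh_mac() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") { print $(i + 1); exit } }'
}

# Print the integer packet-loss percentage from a ping summary line.
ping_loss() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /%$/) { print int($i); exit } }'
}

# classify BEFORE AFTER IP EXPECTED_MAC PING_SUMMARY -> prints one verdict
classify() {
    mac_before=$(neigh_mac "$1" "$3")
    mac_after=$(neigh_mac "$2" "$3")
    loss=$(ping_loss "$5")
    if [ -z "$mac_before" ] || [ -z "$mac_after" ]; then
        echo 'arp-unresolved'   # no usable cache entry: ARP itself needs a look
    elif [ "$mac_before" != "$4" ] || [ "$mac_after" != "$4" ]; then
        echo 'arp-wrong-mac'    # who-has was answered by something other than the firewall
    elif [ "${loss:-0}" -gt 0 ]; then
        echo 'loss-not-arp'     # entry valid throughout: check driver, cable, switch
    else
        echo 'ok'
    fi
}

classify "$BEFORE" "$AFTER" "$GW_IP" "$FW_MAC" "$PING_SUMMARY"
```

Two snapshots only bracket the ping run; an entry that expired and was re-resolved in between would not show up, so keep the run shorter than the cache timeout.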