Re: [Shorewall-users] ProxyArping with massive packetloss...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tue, 25 Mar 2003, Tom Eastep wrote:

> 
> This is a network driver or hardware problem (cable, switch, etc.) -- it
> has absolutely nothing to do with Proxy ARP since communication between 
> the your client and the firewall doesn't involve proxy arp.
>

I guess that I should modify that statement slightly -- in the case of
pinging the external firewall interface, the client sends an ARP "who-has"
for that address (since it is in the client's configured subnetwork). Once
that ARP request has been answered and the result cached (MAC address is
that of the firewall interface facing the client), Proxy ARP is out of the
picture until the just-created cache entry expires. So if you suffer
packet loss in the meantime, it has nothing to do with Proxy ARP (or any
form of ARP for that matter).

Pinging the internal interface works basically the same way except that 
the client will ARP for its default gateway rather than for the firewall's 
external IP address (assuming that the two are different).

Temporarily reconfigure the client to have address 192.168.2.2 with
gateway 192.168.2.1and see if you don't get the same behavior. Once you 
have that working correctly then go back to the Proxy ARP configuration.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ te...@sh...