Great Circle Associates Firewalls
(November 1997)
 


Subject: Re: ARP servers
From: Jason Harper <security @ truedesign . com>
Date: Wed, 26 Nov 1997 10:58:47 -0700 (MST)
To: Ed Sawicki <ed @ alcpress . com>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199711261521 . 00000025 @ ns . alcpress . com>


On Wed, 26 Nov 1997, Ed Sawicki wrote:

> I notice that some Unix hosts allow for the publishing
> of one or more hosts in their ARP tables using the "pub"
> parameter in an "arp -s" command. This allows the host
> to respond to ARP requests on behalf of other hosts.

This is called proxy arp.

> 1. Under what conditions is this useful?

I have used this before in the following:

Internet----our border router--ethernet----->
                                  |
                               my unix
                                 box    ----- modem dialup link to my house

where my unix box at work was allowing me to dial in from home. I used arp -s
to publish 2 or 3 extra IPs on the ethernet, then routed them out the ppp
link.  In fact, pppd has a proxyarp command line option that does this, but
only for the IP at the other end of the ppp link; you must still use the arp
-s command to do proxy arping for other IPs you want to route out the ppp
(as well as entering static host routes for those IPs in the system routing
table, and making sure IP forwarding/gatewaying is on).

Jason
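
Added example, not part of the original message: a small audit that cross-checks the three pieces the reply names (published ARP entries, static host routes, IP forwarding) and reports any published IP that would not actually be forwarded. The sample `arp -an` and `route -n` text is constructed and assumes Linux net-tools output format; the function names are hypothetical.

```python
import re

# Constructed sample data (not from the original message), Linux net-tools format.
ARP_AN = """\
? (192.0.2.1) at 00:a0:c9:11:22:33 [ether] on eth0
? (192.0.2.50) at 00:a0:c9:aa:bb:cc [ether] PERM PUB on eth0
? (192.0.2.52) at 00:a0:c9:aa:bb:cc [ether] PERM PUB on eth0
"""
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.50      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""
IP_FORWARD = "1\n"  # contents of /proc/sys/net/ipv4/ip_forward

ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at \S+ .*?on (?P<dev>\S+)")

def published_entries(arp_text):
    """Return {ip: lan_interface} for ARP entries carrying the PUB flag."""
    out = {}
    for line in arp_text.splitlines():
        m = ARP_RE.search(line)
        if m and "PUB" in line.split():
            out[m["ip"]] = m["dev"]
    return out

def host_routes(route_text):
    """Return {ip: interface} for host routes (netmask /32, flag H)."""
    out = {}
    for line in route_text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2] == "255.255.255.255" and "H" in f[3]:
            out[f[0]] = f[7]
    return out

def audit(arp_text, route_text, ip_forward):
    """List what is missing for each published IP to actually be forwarded."""
    problems = []
    if ip_forward.strip() != "1":
        problems.append("IP forwarding is off")
    routes = host_routes(route_text)
    for ip, lan in published_entries(arp_text).items():
        dev = routes.get(ip)
        if dev is None:
            problems.append(f"{ip}: published on {lan} but no host route")
        elif dev == lan:
            problems.append(f"{ip}: host route points back at {lan}")
    return problems
```

On a live host the three inputs would come from `arp -an`, `route -n` and `/proc/sys/net/ipv4/ip_forward`; other systems print these tables differently and would need their own parsing.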


