ARP Problem - Please Help
Lowell Gilbert
freebsd-questions-local at be-well.no-ip.com
Thu Jul 31 17:27:33 PDT 2003

"Company 2210" <company2210 at hotmail.com> writes:

> My problem is this (and it's driving me nuts as I can't see the
> solution). I have two FreeBSD boxes acting as routers, the layout is like
> this:
>
>
> Clients (12.20.78.0/25) <----->(eth0) ROUTER A (eth1)<=======> (eth1) ROUTER B (eth0) <----> (12.20.65.69) Upstream ISP & Internet
>
> Router A Configuration:
>
> eth0: 12.20.78.1 Subnet 255.255.255.128
> eth1: 10.0.0.1 Subnet 255.255.255.0
>
> Router B Configuration:
>
> eth0: 12.20.65.70 Subnet 255.255.255.252
> eth1: 10.0.0.2 Subnet 255.255.255.0
>
>
> The private IPs denote an IPSEC VPN connection (Wireless) between ROUTER A
> & B, all the client PCs are on public IPs. Now, the VPN works perfectly,
> encrypting the packets over the wireless link, however ROUTER A's eth0
> interface does not appear in the arp -a lookup:
>
> ? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 permanent [ethernet]
> ? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 [ethernet]
> ? (12.20.78.0) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]
> ? (12.20.78.2) at 00:0c:cd:53:d9:f3 on eth0 [ethernet]
> ? (12.20.78.42) at 00:9a:17:90:d3:b4 on eth0 [ethernet]
> ? (12.20.78.52) at 00:2b:18:2e:22:21 on eth0 [ethernet]
> ? (12.20.78.127) at ff:ff:ff:ff:ff:ff on eth0 permanent [ethernet]

Those look like entries for all the local nets...

> If I try and force the entry, I receive the following error:
>
> routera# arp -s 12.20.78.1 00:0c:5d:e6:16:75
> set: can only proxy for 12.20.78.1

Router B shouldn't need that, because it isn't on that link, and
Router A shouldn't need it because it *is* 12.20.78.1. What are you
trying to do?

> The big problem this is causing is that clients cannot ping the gateway, and
> it responds to no requests (i.e., I can't ssh into it), but it still forwards
> packets perfectly. Basically it's like 12.20.78.1 was invisible. The other
> strange thing is, that if I ssh into ROUTER B and ping 12.20.78.1 I receive
> replies:

What host and gateway addresses are you referring to in the first
sentence, and why are you surprised by the second?

> routerb# ping 12.20.78.1
> PING 12.20.78.1 (12.20.78.1): 56 data bytes
> 64 bytes from 12.20.78.1: icmp_seq=0 ttl=64 time=3.577 ms
> 64 bytes from 12.20.78.1: icmp_seq=1 ttl=64 time=3.724 ms
> 64 bytes from 12.20.78.1: icmp_seq=2 ttl=64 time=3.817 ms
> ^C
> --- 12.20.78.1 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 3.577/3.706/3.817/0.099 ms
>
>
> The output of ROUTER B's arp table is displayed below:
>
> ? (10.0.0.1) at 00:05:5d:a6:15:78 on eth1 [ethernet]
> ? (10.0.0.2) at 00:c0:dd:ea:ac:5c on eth1 permanent [ethernet]
> ? (12.20.65.69) at 00:d0:03:ba:bb:fc on eth0 [ethernet]
>
>
> I am completely at a loss as to how to get around this problem. Any help or
> advice would be really great as I've spent the past 3 days, and the floor is
> littered with tufts of hair ;) Just in case this is any help, this is the
> output from setkey -DP (For encrypting the packets across the 10.0.0.x link)
> on each router:
>
> ROUTER A:
>
> 0.0.0.0/0[any] 12.20.78.0/25[any] any
> in ipsec
> esp/tunnel/10.0.0.2-10.0.0.1/require
> spid=2 seq=1 pid=778
> refcnt=1
> 12.20.78.0/25[any] 0.0.0.0/0[any] any
> out ipsec
> esp/tunnel/10.0.0.1-10.0.0.2/require
> spid=1 seq=0 pid=778
> refcnt=1
>
> ROUTER B:
>
> 12.20.78.0/25[any] 0.0.0.0/0[any] any
> in ipsec
> esp/tunnel/10.0.0.1-10.0.0.2/require
> spid=8 seq=1 pid=24377
> refcnt=1
> 0.0.0.0/0[any] 12.20.78.0/25[any] any
> out ipsec
> esp/tunnel/10.0.0.2-10.0.0.1/require
> spid=7 seq=0 pid=24377
> refcnt=1

I don't really get the "eth0" nomenclature, anyway; I've seen it on
Linux, where the device type is abstracted behind a common name, but I
don't know what it means in a FreeBSD setup...

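
The following is an added example, not part of the original message or of either poster's configuration tooling. It parses Router A's `setkey -DP` output as quoted above and reports which SPD entry a given flow's selector matches; it models selector matching only (not the kernel's full IPsec processing), and the two sample flows are constructed. Because the policy selectors cover all of 12.20.78.0/25, traffic between a LAN client and 12.20.78.1 itself also falls under the `require` tunnel policies.

```python
import ipaddress
import re

# Router A's SPD, copied from the setkey -DP output quoted in the post.
ROUTER_A_SPD = """\
0.0.0.0/0[any] 12.20.78.0/25[any] any
in ipsec
esp/tunnel/10.0.0.2-10.0.0.1/require
spid=2 seq=1 pid=778
refcnt=1
12.20.78.0/25[any] 0.0.0.0/0[any] any
out ipsec
esp/tunnel/10.0.0.1-10.0.0.2/require
spid=1 seq=0 pid=778
refcnt=1
"""

SELECTOR = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+\S+$")

def parse_spd(text):
    """Parse setkey -DP text into dicts: src, dst, direction, action, rule."""
    policies = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = SELECTOR.match(line)
        if m:  # a selector line is followed by "<dir> <action>" and the rule
            direction, action = lines[i + 1].split()[:2]
            policies.append({"src": ipaddress.ip_network(m.group(1)),
                             "dst": ipaddress.ip_network(m.group(2)),
                             "direction": direction, "action": action,
                             "rule": lines[i + 2]})
    return policies

def match_policy(policies, direction, src, dst):
    """Return the first policy whose selector covers the packet, else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["direction"] == direction and src in p["src"] and dst in p["dst"]:
            return p
    return None

if __name__ == "__main__":
    spd = parse_spd(ROUTER_A_SPD)
    # Constructed flows: a LAN client pinging the gateway, and the gateway's reply.
    for d, s, t in [("in", "12.20.78.42", "12.20.78.1"), ("out", "12.20.78.1", "12.20.78.42")]:
        print(d, s, "->", t, ":", match_policy(spd, d, s, t)["rule"])
```
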