IntraLink
Member Candidate
Topic Author
Posts: 113
Joined: Fri May 28, 2004 5:44 pm
Location: Utah Valley

Proxy ARP, Still confused...

Sat Apr 02, 2005 11:07 pm

This was discussed before, but I’m still confused:

I’ve got public IPs running through my MT box over a bridged Ethernet interface.

Since all of my client public assignments are using an MT-assigned IP as their gateway, I could just use proxy ARP on one interface, right?

Couldn’t I remove the bridge and just use two Ethernet interfaces; one external WAN and one internal and just enable proxy arp on the external to let the WAN side ISP equipment know of my public IP MAC assignments?

Or is it the internal interface I need to enable proxy ARP? Or do I still need it on both?

I’ve got lots of masqueraded IPs on the internal network too. Will proxy ARP kill my setup in any way?

From what I understand I’ll be cleaning things up for the WAN side if I remove the bridge.

They are probably getting tons of broadcast trash from my NATed clients!

The proxy ARP would just let through the ARP messages for the WAN side equipment to assign to the public IPs, right?

I guess the WAN side would also get the ARPs for the internal NATed clients too, but they probably just ignore those address ranges anyway…
 
IntraLink

Sun Apr 03, 2005 12:04 am

Found this article that explains a few things, but the questions still remain about how this works with MT and how to set it up:

http://leaf.sourceforge.net/doc/howto/proxyarp.html
 
IntraLink

Sun Apr 03, 2005 9:20 am

This forum is not the hotspot of information it should be.

So nobody here knows anything about proxy-arp?
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Sun Apr 03, 2005 10:40 am

You made 3 posts in a 10-hour period. It's a weekend, and not all of us live on these forums 24x7. If you want that kind of customer service I'd be glad to sell you a support contract. :)

There was a previous post on this exact issue, answering your questions here:
http://forum.mikrotik.com/viewtopic.php?t=2542.

Here's some more information you can find from a simple search engine:

http://www.cisco.com/en/US/tech/tk648/t ... 4adb.shtml
http://www.sjdjweis.com/linux/proxyarp/

Quote: "Since all of my client public assignments are using a MT assigned IP as their gateway I could just use proxy arp on one interface right?"

If I understand your network configuration correctly, yes, but it all depends on what you're trying to achieve; refer to the previous MikroTik forum post.

Quote: "Couldn’t I remove the bridge and just use two Ethernet interfaces; one external WAN and one internal and just enable proxy arp on the external to let the WAN side ISP equipment know of my public IP MAC assignments?"

Yes, this is also known as routing and is highly recommended because it reduces broadcast traffic by shrinking collision domains and allows more control over what gets forwarded across your network. Rather than a bridge, which just stores and forwards any and all packets, not to mention broadcast packets, which get sent to every host on the bridge.

For a more detailed description of Proxy-arp refer to RFC 1027.
 
wildbill442

Sun Apr 03, 2005 11:00 am

This is a quote from RFC 1027:

"The physical networks of host A and B need not be connected to the same gateway. All that is necessary is that the networks be reachable from the gateway."

Host A and B reside on different subnets.

So if you enable Proxy-ARP on one interface on the router, as long as the router ("Proxy") has a route to the destination network then Host A and B can communicate.

::EDIT::

Basically, what Proxy-ARP does is respond to all ARP requests, and if the router has a route to that destination network it will act as a proxy and forward those packets to the appropriate network/host.

This reduces the security of your network, allowing users to SPOOF IP addresses, but can also prove useful in certain applications.
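
The reply rule described in the post above (answer an ARP request when the router has a route to the target), modelled in Python as an added example that is not part of the original posts and is not RouterOS code. The interface names, addresses and route table are constructed, and the "no reply when the route points back out the receiving interface" check is an assumption about common implementation behaviour.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_iface: str

def lookup(routes, target):
    """Longest-prefix match; returns the matching Route or None."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

def proxy_arp_decision(routes, proxy_ifaces, in_iface, target):
    """Decide whether the router answers 'who-has target' heard on in_iface."""
    if in_iface not in proxy_ifaces:
        return False, "proxy ARP not enabled on receiving interface"
    route = lookup(routes, target)
    if route is None:
        return False, "no route to target"
    if route.out_iface == in_iface:
        return False, "target is reached through the receiving interface"
    return True, f"answer with router MAC, forward via {route.out_iface}"

# Constructed routed layout: ISP segment on 'wan', public client block and
# NATed clients behind 'lan', default route towards the ISP.
ROUTES = [Route(ipaddress.ip_network(p), i) for p, i in [
    ("203.0.113.0/28", "wan"),   # ISP-facing segment
    ("203.0.113.8/29", "lan"),   # public IPs assigned to clients
    ("192.168.88.0/24", "lan"),  # masqueraded clients
    ("0.0.0.0/0", "wan"),        # default route
]]

def demo():
    cases = [
        ({"wan"}, "wan", "203.0.113.10"),        # ISP asks for a client public IP
        ({"wan"}, "wan", "203.0.113.3"),         # another host on the ISP segment
        ({"wan"}, "wan", "192.168.88.20"),       # private address asked for on the WAN side
        ({"wan"}, "lan", "198.51.100.7"),        # LAN request, proxy ARP off on lan
        ({"wan", "lan"}, "lan", "198.51.100.7"), # default route makes any address answerable
    ]
    return [proxy_arp_decision(ROUTES, p, i, t)[0] for p, i, t in cases]

if __name__ == "__main__":
    print(demo())
```

In this model the third and fifth cases show the exposure: the router answers for any address it can route elsewhere, including the private range and, once a default route is in play, arbitrary addresses.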
 
IntraLink

Sun Apr 03, 2005 11:34 am

What, you don't live on this forum 24/7?!? :)

Thanks for the response.

In my case, do I enable proxy arp on my external interface then?
