It appears that Proxy ARP on a MT Minirouter 150 running v3.30 is not responding as expected.

The configuration is simple with a private 192.168.5.x/24 address configured on Eth 1 and a public IP address configured on Eth 2.
It is configured for PPTP with a remote address of 192.168.5.10 and a local address of 192.168.5.11
There is a Default Gateway 0.0.0.0/0 configured to point to the public IP address
To get the PPTP connection to work correctly Proxy ARP is enabled on Eth1

The issue is that the MT is responding to ARP requests for all network addresses it sees on Eth1. I have proved that this is due to the default gateway that is configured. If that is removed and a single route is inserted everything works fine.

Reading the specs my understanding is that the router should not respond for the default gateway routes as this means it would respond to every ARP request and in fact this is what it appears to be doing.

Can anyone comment on this please and what I might be able to correct this.

Thanks

AFAIR, ARP Proxy responds to any request on the interface if there's no route to the request's address via that interface. default route is not excluded

Thanks for your response Chupaka. My issue here is that according to RFC 1027 it should not respond to a default route. See the extract below.

"In 4.3BSD (and probably in other operating systems), a default route
is possible. This default route specifies an address to forward a
packet to when no other route is found. The default route must not
be used when checking for a route to the target host of an ARP
request."

I have in fact found a work around by manually declaring the routes I do not want it to respond to on the public interface as not available but I don't believe it should be responding anyway

Thanks

I have in fact found a work around by manually declaring the routes I do not want it to respond to on the public interface as not available but I don't believe it should be responding anyway

mmm... an example, please?..

btw, I think you may create a bridge, add single bridge port = your interface, and then use Bridge Filter to filter out unnecessary ARP requests

Not sure by what you mean by an example.

The situation I have described is a classic example.

You have a router on a network that is working as a PPTP VPN Server. This device has a public interface for logging in from the internet and a private interface to access the local network through the VPN. This is the only service it should provide. It needs a default route of 0.0.0.0/0 pointing to the internet so that you can access it from any Internet IP address and needs a proxy arp so that you can access all the devices on the local network.

The local network has a primary gateway for all its internet traffic that is separate to the VPN server. The problem is that the VPN server responds to any ARP request on the internal network and hijacks the main internet traffic. I have resolved this by adding the primary internet IP address as an unobtainable route on the VPN server.

I just don't think that Proxy-Arp should be responding to the default route.