11.1. Proxy ARP Scripts

The proxy ARP script was written before the kernel supported proxy ARP natively. If you simply want proxy ARP to work, then you need only enable it in your 2.4 kernel. If you require more control than afforded by the kernel proxy ARP functionality and you wish to recompile iproute2 and your kernel, you can use the iproute2 extension, ip arp. Otherwise, you might try this script.

Example 11.1. Proxy ARP SysV initialization script

Download.

#! /bin/sh -
#
# proxy-arp	Set proxy-arp settings in arp cache
#
# chkconfig: 2345 15 85
# description: using the arp command line utility, populate the arp
#              cache with IP addresses for hosts on different media
#              which share IP space.
#  
# Copyright (c)2002 SecurePipe, Inc. - http://www.securepipe.com/
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation, 
# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# -- written initially during 1998
#    2002-08-14; Martin A. Brown <mabrown@securepipe.com>
#      - cleaned up and commented extensively
#      - joined the process parsimony bandwagon, and eliminated
#        many unnecessary calls to ifconfig and awk
#

gripe () {  echo "$@" >&2;               }
abort () {  gripe "Fatal: $@"; exit 1;   }

CONFIG=${CONFIG:-/etc/proxy-arp.conf}
[ -r "$CONFIG" ] || abort $CONFIG is not readable

case "$1" in
  start)
        # -- create proxy arp settings according to
        #    table in the config file
        #
        grep -Ev '^#|^$' $CONFIG | {
          while read INTERFACE IPADDR ; do
            [ -z "$INTERFACE" -o -z "$IPADDR" ] && continue
            arp -s $IPADDR -i $INTERFACE -D $INTERFACE pub
          done
        }
	;;
  stop)
	# -- clear the cache for any entries in the
        #    configuration file
        #
        grep -Ev '^#|^$' /etc/proxy-arp.conf | {
          while read INTERFACE IPADDR ; do
            [ -z "$INTERFACE" -o -z "$IPADDR" ] && continue
            arp -d $IPADDR -i $INTERFACE
	  done
        }
	;;
  status)
        arp -an | grep -i perm
	;;
  restart)
	$0 stop
	$0 start
	;;
  *)
	echo "Usage: proxy-arp {start|stop|restart}"
	exit 1
esac

exit 0
#   
# - end of proxy-arp


      

Example 11.2. Proxy ARP configuration file

Download.

#  
# Proxy ARP configuration file
#
# -- This is the proxy-arp configuration file.  A sysV init script
#    (proxy-arp) reads this configuration file and creates the
#    required arp table entries.
#
# Copyright (c)2002 SecurePipe, Inc. - http://www.securepipe.com/
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation, 
# Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
#
# -- file was created during 1998
#    2002-08-15; Martin A. Brown <mabrown@securepipe.com>
#      - format unchanged
#      - added comments
#
# -- field descriptions:
#    field 1   this field contains the ethernet interface on which
#              to advertise reachability of an IP.
#    field 2   this field contains the IP address for which to advertise
#
# -- notes
#
#    - white space, lines beginning with a comment and blank lines are ignored
#
# -- examples
#
#    - each example is commented with an English description of the
#      resulting configuration
#    - followed by a pseudo shellcode description of how to understand
#      what will happen
#
# -- example #0; advertise for 10.10.15.175 on eth1
#
# eth1 10.10.15.175
#
# for any arp request on eth1; do
#   if requested address is 10.10.15.175; then
#     answer arp request with our ethernet address from eth1 (so
#       that the reqeustor sends IP packets to us)
#   fi
# done
#
# -- example #1; advertise for 172.30.48.10 on eth0
#
# eth0 172.30.48.10
#
# for any arp request on eth0; do
#   if requested address is 172.30.48.10; then
#     answer arp request with our ethernet address from eth1 (so
#       that the reqeustor sends IP packets to us)
#   fi
# done
#
# -- add your own configuration here


# -- end /etc/proxy-arp.conf
#