 From:  "Daniel L. Hunter" <dhunter at TechMethods dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DHCP Weirdness
 Date:  Sat, 12 Feb 2005 13:07:06 -0500
I think I figured out the problem...I misunderstood the purpose of Proxy 
ARP.  I added a range of my WAN side addresses in Proxy ARP table that 
were not being used by the firewall.  If I now understand correctly the 
purpose of Proxy ARP, only addresses that are being used as servers and 
NATed to a LAN address should be entered into the Proxy ARP table...is 
that correct?

Isn't there a more elegant way to implement Proxy ARP?  Why can't an 
entry be added in the Proxy ARP table automatically when a Server NAT 
entry is added (like adding a new rule automatically when adding an 
inbound NAT rule)?  For a networking novice like me, it sure would have 
been nice for this to be a little more idiot-proof.



Chris Buechler wrote:

>On Thu, 10 Feb 2005 10:44:13 -0500, Daniel L. Hunter
><dhunter at techmethods dot com> wrote:
>>First, please forgive my ignorance.  I'm a programmer, not a network
>>guy.  And before I get flamed, I did search the archives and didn't find
>>anything relevant to my problem.
>>I'm testing out m0n0wall on a WRAP board.  During this testing phase
>>there is only one machine on the LAN side while the rest of my network
>>(~ 10 machines) is on the WAN side.  I have a DSL connection using an
>>Efficient 5861 DMT Router.  DHCP is enabled on the DSL router.  Several
>>of the machines on the WAN side are getting their IP from the DSL DHCP
>>server.  The WAN interface on the m0n0wall is set up as Type=Static.
>>The DHCP server on the m0n0wall is not enabled.  In other words, I don't
>>want m0n0wall to have anything to do with distributing IP addresses.
>>M0n0wall's WAN interface has a static IP address as will the machines on
>>the LAN side.
>>The problem I'm having is that when the m0n0wall is connected to the
>>network, it seems to take all of the leases from the DSL DHCP server and
>>knock the rest of the  DHCP enabled machines on the WAN side off the
>Somebody posted something similar within the past couple months, iirc.
> I don't believe any answer was given.  Can't say that I've seen it
>myself.  I believe the other person that reported this was using DHCP
>on the WAN, which makes this at least a little more feasible.
>Have you been able to sniff the network to see what's going on?  If
>you can tcpdump to a file while it's doing this and email me the data,
>maybe I can see something in the output.
>Technically this shouldn't be feasible.  Even if m0n0wall requested an
>IP from DHCP a billion times, the DHCP server should only give it one
>since it should always be requested from the same MAC address.


Daniel L. Hunter
TechMethods, LLC
(p) 304-876-9103
(f) 304-876-9203
dhunter at TechMethods dot com
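
Added example, not part of the original message and not m0n0wall code: a small audit of the rule of thumb asked about above, that Proxy ARP entries should cover only addresses actually used by NAT. The entry formats, function names and the 192.0.2.x sample values are assumptions constructed for illustration.

```python
import ipaddress


def expand(entry):
    """Expand 'a.b.c.d', 'a.b.c.d/nn' or 'first-last' into a set of addresses."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
        return {ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)}
    return set(ipaddress.ip_network(entry, strict=False))


def audit_proxy_arp(proxy_arp, nat_external, dhcp_pool):
    """Compare what the firewall answers ARP for against what NAT really uses.

    proxy_arp    -- list of Proxy ARP entries (hypothetical string format)
    nat_external -- external addresses referenced by NAT rules
    dhcp_pool    -- range handed out by the upstream DHCP server
    """
    answered = set()
    for entry in proxy_arp:
        answered |= expand(entry)
    needed = {ipaddress.ip_address(a) for a in nat_external}
    pool = expand(dhcp_pool)

    def fmt(addrs):
        return [str(a) for a in sorted(addrs)]

    return {
        # Answered on the WAN segment although no NAT rule uses them.
        "unneeded": fmt(answered - needed),
        # A host answering ARP for a pool address makes that address look
        # "in use" to DHCP conflict checks, so it cannot be leased cleanly.
        "dhcp_conflicts": fmt(answered & pool),
        # NAT addresses nobody answers ARP for: inbound traffic will fail.
        "missing": fmt(needed - answered),
    }


if __name__ == "__main__":
    # Constructed sample: a whole unused range entered in the Proxy ARP table.
    report = audit_proxy_arp(
        proxy_arp=["192.0.2.20-192.0.2.30"],
        nat_external=["192.0.2.20", "192.0.2.40"],
        dhcp_pool="192.0.2.25-192.0.2.50",
    )
    for key, addrs in report.items():
        print(f"{key}: {', '.join(addrs) or 'none'}")
```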