From nobody@FreeBSD.ORG  Sat Oct  7 14:32:37 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D884F37B503; Sat,  7 Oct 2000 14:32:37 -0700 (PDT)
Message-Id: <20001007213237.D884F37B503@hub.freebsd.org>
Date: Sat,  7 Oct 2000 14:32:37 -0700 (PDT)
From: bdluevel@heitec.net
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: ARP proxy feature lacks documentation
X-Send-Pr-Version: www-1.0

>Number:         21826
>Category:       docs
>Synopsis:       ARP proxy feature lacks documentation
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 07 14:40:00 PDT 2000
>Closed-Date:    Tue Aug 16 20:10:09 GMT 2005
>Last-Modified:  Tue Aug 16 20:10:09 GMT 2005
>Originator:     Bernd Luevelsmeyer
>Release:        4.1.1-STABLE
>Organization:
Heitec AG
>Environment:
FreeBSD tostan.admin.er.heitec.net 4.1.1-STABLE
FreeBSD 4.1.1-STABLE #7: Thu Oct 5 16:59:38 CEST 2000
root@:/usr/src/sys/compile/TOSTAN  i386
>Description:
Wanting to set up an "arp proxy", I remembered to have seen an entry
"arpproxy_all" in /etc/defaults/rc.conf. I couldn't find how to use
it though, all I found was "If set to YES then enable global proxy ARP"
in rc.conf(5). Looking for the sysctl variable
"net.link.ether.inet.proxyall" didn't reveal much either, nor did
reading about related topics such as arp(8), bridge(4) and others.
Experimenting with various combinations of "arp -s" and gateway
settings was not successful.
As a consequence, I'm sure an ARP proxy can be set up somehow on
FreeBSD but I fail to find out how it's done.

>How-To-Repeat:
Read handbook, FAQ, man pages, and try to find how to make a FreeBSD
machine act as an ARP proxy.
>Fix:
I request that the rc.conf manpage be enhanced for "arpproxy_all",
or that a chapter in the handbook be devoted to the arp proxy topic.

>Release-Note:
>Audit-Trail:

From: Brooks Davis <brooks@one-eyed-alien.net>
To: bdluevel@heitec.net
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sat, 7 Oct 2000 15:39:41 -0700

 On Sat, Oct 07, 2000 at 02:32:37PM -0700, bdluevel@heitec.net wrote:
 > Wanting to set up an "arp proxy", I remembered to have seen an entry
 > "arpproxy_all" in /etc/defaults/rc.conf.
 
 Depending on what you want to accomplish, the choparp port may do what
 you want.
 
 -- Brooks
 
 -- 
 Any statement of the form "X is the one, true Y" is FALSE.
 

From: Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sun, 08 Oct 2000 03:07:22 +0200

 Brooks Davis wrote:
 > 
 > On Sat, Oct 07, 2000 at 02:32:37PM -0700, bdluevel@heitec.net wrote:
 > > Wanting to set up an "arp proxy", I remembered to have seen an entry
 > > "arpproxy_all" in /etc/defaults/rc.conf.
 > 
 > Depending on what you want to accomplish, the choparp port may do what
 > you want.
 
 Thanks. I tried that already, to no avail. The gateway answered ARP
 requests as intended but didn't forward the traffic, just as with 'arp
 -s'.
 Hence, the documentation issue about the /etc/rc.conf feature
 "arpproxy_all" remains.
 
 
 Greetings,
 	Bernd
 

From: Brooks Davis <brooks@one-eyed-alien.net>
To: Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
Cc: Brooks Davis <brooks@one-eyed-alien.net>,
	freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sat, 7 Oct 2000 18:26:34 -0700

 On Sun, Oct 08, 2000 at 03:07:22AM +0200, Bernd Luevelsmeyer wrote:
 > Thanks. I tried that already, to no avail. The gateway answered ARP
 > requests as intended but didn't forward the traffic, just as with 'arp
 > -s'.
 > Hence, the documentation issue about the /etc/rc.conf feature
 > "arpproxy_all" remains.
 
 Err, what do you want to do?  ARP proxying is just to allow a gateway to
 lie to hosts whose idea of network layout doesn't match reality.  The
 gateway must handle packet forwarding separately.
 
 Clearly this needs to be documented, but I'm not sure you're looking for
 the right thing.
 
 -- Brooks
 
 -- 
 Any statement of the form "X is the one, true Y" is FALSE.
 

From: Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sun, 08 Oct 2000 05:14:12 +0200

 Brooks Davis wrote:
 > 
 > On Sun, Oct 08, 2000 at 03:07:22AM +0200, Bernd Luevelsmeyer wrote:
 > > Thanks. I tried that already, to no avail. The gateway answered ARP
 > > requests as intended but didn't forward the traffic, just as with 'arp
 > > -s'.
 > > Hence, the documentation issue about the /etc/rc.conf feature
 > > "arpproxy_all" remains.
 > 
 > Err, what do you want to do?  ARP proxying is just to allow a gateway to
 > lie to hosts whose idea of network layout doesn't match reality.  The
 > gateway must handle packet forwarding separately.
 
 Yes, essentially by having several interfaces and setting
 "gateway_enable" in /etc/rc.conf .
 Initially, I thought I'd get what I want by setting both
 "gateway_enable" and "arpproxy_all" to "YES". Then I realized I'd
 somehow have to configure which addresses I wanted to have proxied, and
 thought I could do that with "arp -s" commands in /etc/rc.local . With
 these three simple steps, me thought, I could get things handled quite
 easily.
 
 
 > Clearly this needs to be documented, but I'm not sure you're looking for
 > the right thing.
 
 I wanted this thing: The gateway should announce the machines on its
 "inner" interface to the "outer" interface, so that, from the outside,
 the gateway would appear to have all the inner addresses itself. So, the
 gateway would receive all the traffic that was intended for the "inner"
 machines, and it should then forward the packages to the really intended
 "inner" machines.
 
 The matter is, I couldn't get this to work. I could get the arp proxy
 functionality, or the gateway functionality; but not both at the same
 time. As soon as the proxy-arping was working, the machine wouldn't
 forward the traffic from the outside to the inside any more.
 I used 'arp -s' commands to set up the arp proxy. I also tried
 'choparp', but only shortly. I concentrated on 'arp -s' and the
 "arpproxy_all" variable in /etc/rc.conf , because I wouldn't want to
 trust a port if the system has the functionality by itself already.
 
 I assume an arp proxy on a gateway is possible. Since the arp proxy
 features of FreeBSD are not documented at all (except for a short
 sentence in rc.conf(5)), I assume that I didn't get it right because of
 a docu lack. Hence, the PR about lacking documentation.
 
 Please see the thread "arp proxy" in freebsd-questions, where Christ J.
 Clark does his best to help me. His "no docs on a sysctl switch!
 *SHOCK*" gave me the idea of creating the PR btw..
 
 
 Greetings,
 	Bernd
 

From: Brooks Davis <brooks@one-eyed-alien.net>
To: Bernd Luevelsmeyer <bernd.luevelsmeyer@heitec.net>
Cc: Brooks Davis <brooks@one-eyed-alien.net>,
	freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: docs/21826: ARP proxy feature lacks documentation
Date: Sat, 7 Oct 2000 21:56:22 -0700

 On Sun, Oct 08, 2000 at 05:14:12AM +0200, Bernd Luevelsmeyer wrote:
 > I wanted this thing: The gateway should announce the machines on its
 > "inner" interface to the "outer" interface, so that, from the outside,
 > the gateway would appear to have all the inner addresses itself. So, the
 > gateway would receive all the traffic that was intended for the "inner"
 > machines, and it should then forward the packages to the really intended
 > "inner" machines.
 
 I've got a version of that set up at home.  You can definitely do it
 with choparp.  Assuming the addresses you want to proxy are in a block
 which could theoretically be subnetted (i.e. properly aligned and sized)
 then you can do this fairly easily.  I've got a setup where I've got 16
 IPs within a /24 subnet from my ISP.  I simply configured my box with
 the outside interface set up like normal on the /24 net and the inside
 interface on the /28 net consisting of my IP addresses.  I then use
 choparp to proxy the entire /28 subnet on the outside interface.  With
 forwarding enabled my other hosts think they are on a /28 subnet and
 everything just works.
 
 > Please see the thread "arp proxy" in freebsd-questions, where Christ J.
 > Clark does his best to help me. His "no docs on a sysctl switch!
 > *SHOCK*" gave me the idea of creating the PR btw..
 
 I don't read -questions.  My pain tolerance isn't that high. ;-)  I did
 dig your message up on Geo Crawler and it looks like your situation is
 virtually identical to mine so choparp should do it.  If your addresses
 aren't aligned, then you may have to do some weird things, but it
 should be possible to make it work.
 
 -- Brooks
 
 -- 
 Any statement of the form "X is the one, true Y" is FALSE.
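
Added example, not part of the original thread: a check for the "properly aligned and sized" condition described in the message above, using Python's standard ipaddress module. The addresses are constructed samples from the 192.0.2.0/24 documentation range, and the function names are hypothetical.

```python
import ipaddress


def proxy_blocks(outer_net, first_ip, last_ip):
    """Return the aligned CIDR blocks that exactly cover first_ip..last_ip.

    A single block means the range could be subnetted as-is and used as the
    inside network. Several blocks mean the range is unaligned, so each block
    would need its own proxy ARP entry and route.
    """
    outer = ipaddress.ip_network(outer_net)
    first = ipaddress.ip_address(first_ip)
    last = ipaddress.ip_address(last_ip)
    if first not in outer or last not in outer:
        raise ValueError("range is not inside the outside subnet")
    # summarize_address_range yields the minimal list of aligned blocks.
    return list(ipaddress.summarize_address_range(first, last))


def is_subnettable(outer_net, first_ip, last_ip):
    """True when the range is exactly one aligned CIDR block."""
    return len(proxy_blocks(outer_net, first_ip, last_ip)) == 1


def host_addresses(block):
    """Addresses left for hosts once network and broadcast are excluded."""
    return [str(h) for h in block.hosts()]


if __name__ == "__main__":
    # Constructed sample: 16 addresses inside a /24, as in the message above.
    outer = "192.0.2.0/24"
    for first, last in [("192.0.2.16", "192.0.2.31"),   # aligned /28
                        ("192.0.2.20", "192.0.2.35")]:  # same size, unaligned
        blocks = proxy_blocks(outer, first, last)
        print(first, "-", last, "->", [str(b) for b in blocks],
              "subnettable" if len(blocks) == 1 else "needs several blocks")
    aligned = proxy_blocks(outer, "192.0.2.16", "192.0.2.31")[0]
    print("host addresses in", aligned, ":", len(host_addresses(aligned)))
```
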
 
Responsible-Changed-From-To: freebsd-doc->wollman 
Responsible-Changed-By: ru 
Responsible-Changed-When: Tue Jun 26 01:40:55 PDT 2001 
Responsible-Changed-Why:  
Garrett, please document your changes in if_ether.c,v 1.4. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21826 
Responsible-Changed-From-To: wollman->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Wed Jun 16 06:14:25 GMT 2004 
Responsible-Changed-Why:  
I'll take this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21826 
State-Changed-From-To: open->patched 
State-Changed-By: bms 
State-Changed-When: Wed Jun 16 06:16:34 GMT 2004 
State-Changed-Why:  
An appropriate fix has been committed to HEAD. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21826 
State-Changed-From-To: patched->closed 
State-Changed-By: matteo 
State-Changed-When: Tue Aug 16 20:09:41 GMT 2005 
State-Changed-Why:  
Fixed and MFC'ed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21826 
>Unformatted:
