Newsgroups: comp.os.linux.networking
Subject: A Guide on Using SLIP with ProxyARP...
Summary: A Guide on How to use SLIP with Proxy ARP to connect two networks.
Followup-To:
Distribution:
Organization: California Institute of Technology, Pasadena
Keywords: proxyARP ARP router slip ethernet route tables guide
Cc:

[author's note: This document is not a Linux HOWTO since it has not been
approved or submitted through "proper" channels. Actually it would not
likely be approved if it were submitted since it discusses topics that
are covered to some extent in various existing Linux HOWTOs. The
contributions of this document are that it presents relevant information
together in one place and it gives a concrete example based on an
existing (functioning) network.]

December 21, 1994
John W. Garnett (garnett@compbio.caltech.edu)
Copyright 1994
Version 1

source: actlab.rtf.utexas.edu:/pub/Linux/docs/slip_router_guide.txt (ftp)

      A Guide on Using SLIP with ProxyARP to Attach to the Internet

Recently, I succeeded in incorporating two Linux machines on a local
ethernet (at home) into the Internet by using a SLIP router and Proxy
ARP. One of the two Linux machines maintains a SLIP connection with a
machine at work which is connected to the Internet via Ethernet. Both of
the two Linux boxes are able to connect via TCP/IP (telnet, ftp, rlogin,
World Wide Web, etc.) to any Internet host (given that the host is
accepting connections) and vice versa.

Disclaimer: Yes, I know many other people have also figured out how to
do this, but judging by the number of USENET posts on the subject, far
from everyone has it figured out. Hopefully this document will remove
some of the trial and error from the process.

This document assumes that you have been able to set up a SLIP
connection between two machines (e.g.
one machine at home and one at work) but need information on how to set
up the routing tables (including Proxy ARP) to allow the machines on the
local network to connect to the rest of the Internet and vice versa.

If you need help setting up a SLIP client, see the following documents:
NET-2-HOWTO by Terry Dawson (available in the HOWTO directory of
sunsite.unc.edu), and "A (client) SLIP Guide for Linux" by John Garnett
(available as slip_client_guide.txt via anonymous ftp on
actlab.rtf.utexas.edu in the /pub/Linux/docs directory). Both of these
documents will also point you to additional resources.

If you need help setting up a SLIP server, read NET-2-HOWTO, the 'dip'
README and the 'dip' man page -- see the section of the dip man page
that describes diplogin and /etc/diphosts (dip is available from the
/pub/Linux/system/Network/serial directory of sunsite.unc.edu -- I used
dip-uri).

These are the conditions that determined the choices that I made:

1) My UNIX(tm) computer at work is directly on the Internet (at T1
   speeds or better).

2) The only Internet addresses available to me had the same network
   number as the Internet addresses used by the machines at work.

   Usually two machines having the same network number (with different
   host numbers) have to be on the same physical subnet in order to
   communicate. ProxyARP provides a way around this restriction. It
   allows a machine on physical network "A" to serve as a "proxy" for
   machines that are on some other physical network "B" (different from
   "A"). To the other machines on network "A", the machines on network
   "B" appear as if they were directly connected to network "A".

   For those who are interested in a more detailed description of
   ProxyARP and Internet addresses in general, I recommend Al Longyear's
   note titled "A small treatise on the use of ProxyARP" (this note was
   posted to USENET group comp.os.linux.announce so you will be able to
   find it in the archives). Also check out Terry Dawson's latest
   NET-2-HOWTO.

3) The monthly costs needed to be reasonably low (the lower the better
   -- I have a computer hardware habit to feed!).

Here is how these conditions guided my choices:

1) Since I had access to a computer on the Internet that is a local
   phone call away, I decided to use SLIP (which implements the TCP/IP
   protocol over a serial line, including modem lines) to connect the
   local network to the Internet.

2) I used Proxy ARP on the Internet side of the SLIP connection. Note
   that for those who aren't limited to using addresses from a single
   subnet, ProxyARP may not be the most straightforward solution. If you
   decide not to use ProxyARP then this document may not be of much use
   to you. In such a case, read the NET-2-HOWTO and the _Network
   Administrators' Guide_ for relevant information.

3) I ordered a "measured-service" POTS (plain old telephone service)
   line from the local telephone company. Measured-service lines have
   low monthly costs (e.g. mine is approximately $5 per month) because
   local outgoing calls are toll calls. However, I was able to configure
   the machine at work to call the machine at home, so I need not make
   any outgoing calls on the measured-service line.

Here are the details of the networks and machines with which I was
dealing:

The network looks something like this:

    Linux Router (helix) <---ethernet (at home)---> Other Linux Box (shibumi)
          |
          S
          L
          I
          P
          |
    UNIX-box-on-Internet (gestalt) <--ethernet (at work)--> Rest of the Internet

The machines on the network at work have class B addresses on network
172.16. This network has a subnet mask of 255.255.255.0 so that the
effective network address is 172.16.170. Examples of addresses on this
network are 172.16.170.154, 172.16.170.161, etc.

o Here are the contents of the /etc/hosts file on helix:

    # For loopbacking.
    127.0.0.1       localhost

    # Linux router on the local network (ethernet interface)
    172.16.170.166  helix.foo.caltech.edu         helix

    # Linux router on the local network (SLIP interface)
    172.16.170.167  helix-slip.foo.caltech.edu    helix-slip

    # Other Linux box on the local network (ethernet interface)
    172.16.170.168  shibumi.foo.caltech.edu       shibumi

    # UNIX-box-on-Internet serving as a router (ethernet interface)
    172.16.170.170  gestalt.foo.caltech.edu       gestalt

    # UNIX-box-on-Internet serving as a router (SLIP interface)
    172.16.170.171  gestalt-slip.foo.caltech.edu  gestalt-slip

    # Default Gateway and nameserver on the network at work.
    172.16.170.154  bioserv.foo.caltech.edu       bioserv

o Here are the contents of /etc/resolv.conf on helix and shibumi:

    domain foo.caltech.edu
    nameserver 172.16.170.154

o Here is the output of the 'netstat -r' command on helix (when the SLIP
  connection is up):

    Destination     Gateway         Genmask         Flags Metric Ref Use    Iface
    gestalt-slip.fo *               255.255.255.255 UH    0      0   13414  sl0
    shibumi.foo     *               255.255.255.255 UH    0      0   13065  eth0
    127.0.0.0       *               255.0.0.0       U     0      0   40     lo
    default         gestalt-slip.fo 0.0.0.0         UG    0      0   26557  sl0

o Here is the output of the 'netstat -r' command on shibumi:

    Destination     Gateway         Genmask         Flags Metric Ref Use    Iface
    helix.foo.calte *               255.255.255.255 UH    0      0   637    eth0
    127.0.0.0       *               255.0.0.0       U     0      0   228829 lo
    default         helix.foo.calte 0.0.0.0         UG    0      0   13139  eth0

o Here is the output of the 'netstat -r' command on gestalt:

    Destination     Gateway         Flags  Refs  Use    Interface
    shibumi         helix-slip      UGH    0     15768  slip0
    gestalt         gestalt         UH     2     252    lo0
    gestalt-slip    gestalt         UH     0     0      lo0
    helix           helix-slip      UGH    0     946    slip0
    helix-slip      gestalt-slip    UH     1     8546   slip0
    default         bioserv         UG     1     29664  en0
    172.16.170      gestalt         U      4     20535  en0

o Here is the output of the 'arp -a' command on gestalt (gestalt's
  ethernet adapter has hardware address f:0:b:f1:0:1).

    helix.foo.caltech.edu (172.16.170.166) at f:0:b:f1:0:1 permanent pub
    helix-slip.foo.caltech.edu (172.16.170.167) at f:0:b:f1:0:1 permanent pub
    shibumi.foo.caltech.edu (172.16.170.168) at f:0:b:f1:0:1 permanent pub
    bioserv.foo.caltech.edu (172.16.170.154) at 0:8:12:20:77:34

A brief discussion on how to manipulate the routing table and ARP table
follows (for more information read the 'route' and 'arp' man pages).

To add a line to the routing table (shown via the 'netstat -r' command),
use a command like this (this example was executed on shibumi):

    /sbin/route add helix gw shibumi metric 1

This line would create a routing entry that looks similar to this:

    helix.foo.c     *               255.255.255.255 UH    0      0   637    eth0

To add a default gateway, use a command like this:

    /sbin/route add default gw helix metric 1

This line would create a routing entry that looks similar to this:

    default         helix.foo.c     0.0.0.0         UG    0      0   13139  eth0

If any unnecessary routes appear in the routing table, use a command
like this to remove them (in this example 172.16.170 specifies the
destination field of an unwanted line in the routing statement):

    /sbin/route delete 172.16.170

Note that any unnecessary routes in the routing table can adversely
affect your ability to make connections to Internet hosts and vice versa
(you may see network unreachable errors, hangs, etc). If you model your
routing tables closely on the examples given above, things should work
ok (be sure to use your own network addresses, not the ones given in
this example).

To add a line to the ARP table, use a command like this (this example
executed on gestalt):

    /sbin/arp -s 172.16.170.166 f:0:b:f1:0:1 pub

The 172.16.170.166 is the internet address of one of the machines on the
local (at home) ethernet. The f:0:b:f1:0:1 is the hardware ethernet
address of gestalt's ethernet adapter. The 'pub' suffix means to publish
this ARP entry to other hosts on the 172.16.170 (physical) network.

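As an added example (not part of the original guide), this Python script
cross-checks gestalt's routing table against its ARP table: every host
route that leaves through slip0 should have a published ARP entry
carrying gestalt's own hardware address, and a published entry with no
such route is stale. The sample input is constructed from the outputs
quoted in this guide; the function names are illustrative.

```python
import re

# Constructed sample input: gestalt's 'arp -a' and 'netstat -r' output as quoted in this guide.
ARP_A = """\
helix.foo.caltech.edu (172.16.170.166) at f:0:b:f1:0:1 permanent pub
helix-slip.foo.caltech.edu (172.16.170.167) at f:0:b:f1:0:1 permanent pub
shibumi.foo.caltech.edu (172.16.170.168) at f:0:b:f1:0:1 permanent pub
bioserv.foo.caltech.edu (172.16.170.154) at 0:8:12:20:77:34
"""
NETSTAT_R = """\
Destination  Gateway      Flags Refs Use   Interface
shibumi      helix-slip   UGH   0    15768 slip0
gestalt      gestalt      UH    2    252   lo0
gestalt-slip gestalt      UH    0    0     lo0
helix        helix-slip   UGH   0    946   slip0
helix-slip   gestalt-slip UH    1    8546  slip0
default      bioserv      UG    1    29664 en0
172.16.170   gestalt      U     4    20535 en0
"""
ARP_RE = re.compile(r"^(\S+) \((\d+(?:\.\d+){3})\) at ([0-9a-fA-F:]+)(.*)$")

def parse_arp(text):
    """Map short hostname -> (ip, mac, published) for each 'arp -a' line."""
    entries = {}
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            host, ip, mac, flags = m.groups()
            entries[host.split(".")[0]] = (ip, mac.lower(), "pub" in flags.split())
    return entries

def slip_hosts(text, iface="slip0"):
    """Destinations of host routes (flag H) that leave through the SLIP interface."""
    rows = (line.split() for line in text.splitlines()[1:])
    return {f[0] for f in rows if len(f) == 6 and "H" in f[2] and f[5] == iface}

def audit(arp_text, netstat_text, proxy_mac):
    """Return (missing, stale): SLIP-routed hosts without a pub entry on the
    proxy's MAC, and pub entries that no SLIP host route backs."""
    arp, routed = parse_arp(arp_text), slip_hosts(netstat_text)
    ok = {h for h, (_, mac, pub) in arp.items() if pub and mac == proxy_mac.lower()}
    missing = sorted(routed - ok)
    stale = sorted(h for h, e in arp.items() if e[2] and h not in routed)
    return missing, stale

if __name__ == "__main__":
    print(audit(ARP_A, NETSTAT_R, "f:0:b:f1:0:1"))
```

Both lists are empty for the configuration shown in this guide; a name in
the first list is a home machine that hosts at work cannot reach, and a
name in the second is an address gestalt still answers ARP for without a
SLIP route behind it.
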
If you've configured everything correctly, you should be able to telnet
from either machine on your local network to any machine on the Internet
(usually). Also, any machine on the Internet should be able to connect
to any of the machines on the local (at home) network. For this reason
be sure to take security precautions (e.g. all accounts should have
non-trivial passwords and you should probably run COPS, CRACK, or other
security test suite on your computer).

I could go into much more detail but then this document would become too
large and thus probably less useful. Therefore, I'll end this document
here pending feedback from its readers.

John Garnett
garnett@compbio.caltech.edu