0

I'm working with a network of docker containers. C1's routing table is below, it's default gateway 172.17.0.1 is the docker bridge. It's eth1 interface is connected to eth2 in C2 and it routes all destinations with a prefix of 192.1 to eth2 in C2.

enter image description here

Dest          Gateway       Genmask          Iface
default       172.17.0.1     0.0.0.0          eth0
192.1.0.0     0.0.0.0        255.255.0.0      eth1

C2's routing table is below. It is connected to C3 between eth3 on C2 and eth4 on C3.

Dest          Gateway       Genmask          Iface
192.1.2.0     192.1.2.1     255.255.254.0     eth3

I'm able to ping C2 from C1 using ping 192.1.1.2, however I cannot ping C3 from C1 using ping 192.1.2.2. When I try to ping C3, C1 sends out an ARP query looking for C3's Mac address which is only received by C2, and fails. I can make the ping to C3 succeed if I manually update C1's ARP table and give it the Mac address of eth2 in C2 for 192.1.2.2.

I believe I could also make this work by modifying C1's route table so it is on a different subnet then C3 and uses C2 as its default gateway. This way it wants the MAC address of C2 to ping C3.

Dest          Gateway       Genmask          Iface
default       192.1.1.2      0.0.0.0          eth1
192.1.2.0     0.0.0.0        255.255.254.0    eth1

However I've been lead to believe that it should be possible to ping C3 from C1 by only modifying C2's route table. Is this possible?

gary69
  • 119
  • 1
  • 7

1 Answers1

1

You can achieve it with proxy-arp functionality. When the proxy-arp is enabled on C2, it will answer the ARP requests with own MAC address in the ARP Reply. This is what you want.

To enable the proxy arp on eth0 interface of C2, you need run

sysctl -w net.ipv4.conf.eth2.proxy_arp=1

To enable on all interfaces run:

sysctl -w net.ipv4.conf.all.proxy_arp=1

To make this change permanent, you should edit the sysctl settings file.

Anton Danilov
  • 5,082
  • 2
  • 13
  • 23