Proxy ARP on Checkpoint SPLAT – my way

February 15, 2010 admin 3 comments

The checkpoint knowledge base suggests you reboot to enable proxy arp. Not a great idea if you have a firewall cluster in production.

Check to see if proxy arp is enabled on your ethernet (eth0 in this example):

cat /proc/sys/net/ipv4/conf/eth0/proxy_arp

It will return 1 or 0, enabled or disabled.

To set:

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Now you can use the arp command to publish a proxy arp entry, I like to use the hardware address of the ethernet we’re hiding behind ( -Ds parameter )

/sbin/arp -Ds (ipaddr you’re creating arp for) eth0 pub

/sbin/arp -Ds 10.20.30.100 eth0 pub

Checkpoint none

#1 | Written by Jasmun about 2 years ago.

nice way to do it, if you do it the checkpoint way though, you can just run sysctl -w to publish the values without a reset
#2 | Written by account money about 2 years ago.

After reading you site, Your site is very useful for me .I bookmarked your site!
#3 | Written by Purse Parties about 2 years ago.

I do not believe I have seen this described that way before. You actually have clarified this for me. Thanks!

Megamon Tech Blog

Proxy ARP on Checkpoint SPLAT – my way

Leave a Comment