This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
P_M
Participant
‎2020-12-07 01:07 AM

Proxy ARP for Manual NAT – (local.arp file) rewritten after restart

Jump to solution

Hello,

We are running R80.30 in a clustered environment, and have Proxy ARP for Manual NAT – (local.arp file) in place.

I have noticed recently noticed that the local.arp file is written over with other information after every restart of one of the Firewall. The other Firewall is not affected.

I know that a former colleague that has since moved onto another employer had been testing setting up  Logical server, and had been experimenting with Proxy Arp for manual NAT (local.arp file).

Does anyone have a clue on where this setting is that rewrites the local.arp file on restart of the Firewall?

Thank you in advance.

 

Regards

P_M

0 Kudos
1 Solution

Accepted Solutions
Axel_Engeland
Participant
‎2020-12-07 02:29 AM
In response to P_M

Jump to solution

Hello P_M,

I'd recommend setting up proxy arp according to sk30197 on both nodes so local.arp is rewritten at boot, but with correct content. If I have the option to configure something in clish instead of some config file I always prefer clish.

Alternatively, you can write your local.arp manually and protect it from being overwritten by using "chattr +i $FWDIR/conf/local.arp", but this is neither recommended nor supported, I guess.

View solution in original post

5 Replies
Axel_Engeland
Participant
‎2020-12-07 01:55 AM

Jump to solution

$FWDIR/conf/local.arp is always rewritten on boot or configuration change by confd (except on VSX virtual systems >0). It should say so in the first three lines of the file ("# This file was AUTOMATICALLY GENERATED"...). Here are the things I would do:

  • Compare the content of local.arp with the clish configuration ("show arp proxy all")
  • Make sure the local.arp on both gateways do not have the immutable flag (lsattr $FWDIR/conf/local.arp should not show the "i" flag)
  • Check for custom boot configurations in /etc/rc.d/rc.local or /etc/rc.d/rc.local.user)
0 Kudos
P_M
Participant
‎2020-12-07 02:17 AM
In response to Axel_Engeland

Jump to solution

Hello Axel,

 

Thank you for your response.

 

When I run ("show arp proxy all") then I see that is the content from the output, that is written over to local.arp during restarts.

How can I now fix this issue?

 

Regards

P_M

0 Kudos
P_M
Participant
‎2020-12-07 02:19 AM
In response to P_M

Jump to solution

Forgot to mention, that is only on one of the cluster members that local.arp is written over during restart.

 

Regards 

P_M

0 Kudos
Axel_Engeland
Participant
‎2020-12-07 02:29 AM
In response to P_M

Jump to solution

Hello P_M,

I'd recommend setting up proxy arp according to sk30197 on both nodes so local.arp is rewritten at boot, but with correct content. If I have the option to configure something in clish instead of some config file I always prefer clish.

Alternatively, you can write your local.arp manually and protect it from being overwritten by using "chattr +i $FWDIR/conf/local.arp", but this is neither recommended nor supported, I guess.

P_M
Participant
‎2020-12-09 11:32 AM
In response to Axel_Engeland

Jump to solution

Hello Axel,

 

Thank you for your response and help!

I removed the Proxy Arp entry and this solved the problem with the local.arp being written over.

Cheers!

P-M

0 Kudos