| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
ARPs disappear after a short time on Windows

Contributed by PhoneBoy
Published in geeklog Saturday, May 17 2003 @ 05:09 AM EST
Published in oldfaq 2002-Nov-10 00:12
dwelchATphoneboyDOTcom

The following article explains why ARP entries entered with the arp command disappear after a short time on Windows NT/2000 platforms.

If you are using the NG release of FireWall-1 with automatic NAT rules, enable "Automatic ARP Configuration" in the Global Properties, Network Address Translation tab. If you are not, or if this fails for some reason, you will need to configure local.arp on the NT firewall.

Let's use the network described in the Q&A entry Routing and ARP issues with NAT:

Our network (diagram): Local Net 126.0.10.0 (Web server 126.0.10.50, FTP, Mail) --- le0 126.0.10.98 [FireWall] be0 206.99.98.1 --- [Router] --- [CSU/DSU] --- MCI

Suppose that the web server's translated address is 206.99.98.50 and the MAC address of the external interface on the firewall is 08:00:20:76:ea:77. On a UNIX platform, we would add a published ARP entry on the firewall machine as follows:

    arp -s 206.99.98.50 08:00:20:76:ea:77 pub

This ARP entry causes the firewall to answer ARP requests for 206.99.98.50, which allows packets addressed to 206.99.98.50 to get to the firewall. The firewall then takes packets addressed to 206.99.98.50 and re-routes them to 126.0.10.50 through the internal interface of the firewall.

In Windows NT, the 'arp' command will not function in this manner. Version 2.1c and later of FireWall-1 will do the proxy ARPs for you. You must create a file called %FWDIR%\state\local.arp (case matters!), which is formatted as follows:

    translated_ip_address mac_address

In the example above, this file would contain:

    206.99.98.50 08-00-20-76-ea-77

Once you've set this file up, you will need to re-install the current rulebase. Note that you must have a NAT rule configured for local.arp to work.

-- RayLodato - 07 Jan 2004

FAQForm FAQs.Class: NetworkAddressTranslationFAQs FAQs.OS: OsWindows FAQs.Version:
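A small checker for the local.arp format described above, added here as an example; it is not part of the original FAQ or of FireWall-1. It assumes the dash-separated MAC form shown in the page's example is the expected one, and `nat_addresses` is a hand-supplied set of translated addresses that have NAT rules (the script does not read the rulebase).

```python
import ipaddress
import re

# MAC forms: dashes as in the page's local.arp example, colons as in UNIX arp.
MAC_DASH = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
MAC_COLON = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def check_line(line, seen, nat_addresses):
    """Return None if the line matches the page's format, else a message."""
    fields = line.split()
    if len(fields) != 2:
        return "expected: translated_ip_address mac_address"
    ip, mac = fields
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return f"not an IPv4 address: {ip}"
    if MAC_COLON.match(mac):
        return f"colon-separated MAC, the example form is {mac.replace(':', '-')}"
    if not MAC_DASH.match(mac):
        return f"not a MAC address: {mac}"
    if ip in seen:
        return f"duplicate entry for {ip}"
    if nat_addresses is not None and ip not in nat_addresses:
        return f"no NAT rule listed for {ip}"
    return None

def check_local_arp(text, nat_addresses=None):
    """Check local.arp contents; return (entries, problems)."""
    # nat_addresses: assumed, hand-supplied set of translated IPs with NAT rules.
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        message = check_line(raw, seen, nat_addresses)
        if message:
            problems.append((lineno, message))
        else:
            ip, mac = raw.split()
            seen.add(ip)
            entries.append((ip, mac))
    return entries, problems

# Constructed sample: line 1 is the page's example, lines 2-4 are deliberate mistakes.
SAMPLE = ("206.99.98.50 08-00-20-76-ea-77\n206.99.98.51 08:00:20:76:ea:77\n"
          "206.99.98.50 08-00-20-76-ea-77\n206.99.98.52 08-00-20-76-ea-77\n")

if __name__ == "__main__":
    print(check_local_arp(SAMPLE, nat_addresses={"206.99.98.50", "206.99.98.51"}))
```

Run it against the file before re-installing the rulebase; every reported line is an entry that does not match the form the FAQ shows or has no NAT rule in the list you supplied.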