How to enable or disable Proxy ARP on Linux

Let’s look at the status of Proxy ARP (1 – enabled, 0 – disabled):

cat /proc/sys/net/ipv4/conf/all/proxy_arp

You can look at a specific network interface (where eth0 is the name of the network interface):

cat /proc/sys/net/ipv4/conf/eth0/proxy_arp

You can enable Proxy ARP as follows:

sudo su
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Or so:

sudo sysctl net.ipv4.conf.all.proxy_arp=1
sudo sysctl net.ipv4.conf.eth0.proxy_arp=1
sudo sysctl -p

To turn off the Proxy ARP commands are similar, you only need to specify 0 instead of 1.

The above changes will be reset after restarting the system so that this does not happen, open the file /etc/sysctl.conf in any text editor:

sudo nano /etc/sysctl.conf

And specify:

net.ipv4.conf.all.proxy_arp=1
net.ipv4.conf.eth0.proxy_arp=1

If necessary, you can see the incoming ARP packets via tcpdump:

sudo tcpdump -n -i eth0 -e arp

There are also other arp settings, I will give an example of how to view them:

sysctl -a | grep net.ipv4.conf.*.arp

If port isolation is configured on the switches and you need clients in the same VLAN to see each other (in this case, all traffic will go through the server), then you need to enable proxy_arp_pvlan, by default it is disabled, that is, equal to 0. Note that on the server with accel-ppp with proxy-arp enabled, for example, you do not need to enable proxy_arp and proxy_arp_pvlan, since accel-ppp does it itself.

net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0

See also my article:
Configuring the Network in Linux

Leave a comment

Leave a Reply