
Topic: Does anyone know what ARP is?

  1. #1
    Permanent member vPsPersia.COM
    Join date
    Apr 2009
    Location
    Kermanshah
    Posts
    1,045
    Thanks given
    346
    Thanks received
    1,809
    Thanked in
    997 posts

    Does anyone know what ARP is?

    Hello, and I hope you are all well.


    Dear friends, I want to get some information about ARP! Does anyone know this protocol?

    How should we set it up on Linux? I want to use ARP on MikroTik.

    Doesn't anyone have an opinion?

  4. #2
    Banned user
    Join date
    May 2010
    Location
    GNU kernel
    Posts
    6
    Thanks given
    1
    Thanks received
    5
    Thanked in
    5 posts

    Re: Does anyone know what ARP is?

    IP Addresses and Address Resolution Protocol (ARP)

    Document revision 1.4 (29-Dec-2003)
    This document applies to the MikroTik RouterOS V2.7

    Summary

    The following Manual discusses managing IP addresses and the Address Resolution Protocol (ARP). IP addresses serve as identification when communicating with other network devices using the TCP/IP protocol. In turn, communication between devices in one physical network proceeds with the help of Address Resolution Protocol and ARP addresses.

    Specifications

    Packages required : None
    License required : Any
    Home menu level : /ip address, /ip arp
    Protocols utilized : IP (RFC791), ARP (RFC826)
    Hardware usage: not significant
    Related Documents

    Software Package Installation and Upgrading
    IP Addressing

    Submenu level : /ip address

    Description

    IP addresses serve for general host identification purposes in IP networks. A typical (IPv4) address consists of four octets. For correct addressing the router also needs the network mask value, id est which bits of the complete IP address refer to the address of the host, and which - to the address of the network. The network address value is calculated by binary AND operation from network mask and IP address values. It's also possible to specify IP address followed by slash "/" and amount of bits assigned to a network mask. In most cases, it is enough to specify the address, the netmask, and the interface arguments. The network prefix and the broadcast address are calculated automatically.
    It is possible to add multiple IP addresses to an interface or to leave the interface without any addresses assigned to it. Leaving a physical interface without an IP address is a must when the bridging between interfaces is used. In case of bridging, the IP address is assigned to a bridge interface.
    MikroTik RouterOS has the following types of addresses:

    • Static IP Addresses are user-assigned addresses to the network interfaces.
    • Dynamic IP Addresses are assigned automatically when ppp, pptp, or pppoe connections are established.

    Property Description

    address (IP address) - IP address of the host
    broadcast (IP address; default: 255.255.255.255) - broadcasting IP address, by default calculated from an IP address and a network mask
    comment (text; default: "") - an optional comment for the IP address
    disabled (yes | no; default: no) - is the address disabled or not
    interface (name) - the name of the interface IP address assigned to
    netmask (IP address; default: 0.0.0.0) - specifies the network address part of an IP address
    network (IP address; default: 0.0.0.0) - IP address of the network. For the point-to-point links should be the address of the remote end
    Example

    [admin@MikroTik] ip address> add address=10.10.10.1/24 interface=ether2
    [admin@MikroTik] ip address> print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 2.2.2.1/24 2.2.2.0 2.2.2.255 ether2
    1 10.5.7.244/24 10.5.7.0 10.5.7.255 ether1
    2 10.10.10.1/24 10.10.10.0 10.10.10.255 ether2

    [admin@MikroTik] ip address>
    Address Resolution Protocol

    Submenu level : /ip arp

    Description

    Address Resolution Protocol is used to map IP addresses to MAC layer addresses. A router has a table of currently used ARP entries. Normally the table is built dynamically, but to increase network security, static entries can be added.

    Property Description

    address (IP address) - IP address
    comment (text; default: "") - an optional comment
    disabled (yes | no; default: no) - is the entry disabled or not
    interface (name) - the name of the interface
    mac-address (MAC address; default: 00:00:00:00:00:00) - MAC address to be mapped to
    Notes

    Maximal number of ARP entries is 1024. If arp feature is turned off on interface, i.e., arp=disabled is used, ARP requests from clients are not answered by the router. Therefore, static arp entry should be added to the clients as well. For example, the router's IP and MAC addresses should be added to the Windows workstations using the arp command:
    C:\> arp -s 10.5.8.254 00-aa-00-62-c6-09
    Example

    [admin@MikroTik] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \\
    \\... :21:0000:12
    [admin@MikroTik] ip arp> print
    Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
    # ADDRESS MAC-ADDRESS INTERFACE
    0 D 2.2.2.2 00:30:4F:1B:B3:D9 ether2
    1 D 10.5.7.242 00:A0:24:9DA4 ether1
    2 10.10.10.10 06:21:0000:12 ether2
    [admin@MikroTik] ip arp>
    If static arp entries are used for network security on an interface, you should set arp to 'reply-only' on that interface. Do it under the relevant /interfaces menu:
    [admin@MikroTik] ip arp> /interface ethernet set ether2 arp=reply-only
    [admin@MikroTik] ip arp> print
    Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
    # ADDRESS MAC-ADDRESS INTERFACE
    0 D 10.5.7.242 00:A0:24:9DA4 ether1
    1 10.10.10.10 06:21:0000:12 ether2

    [admin@MikroTik] ip arp>
    Using the Proxy-ARP Feature

    Description

    All physical interfaces, like Ethernet, Prism, Aironet (PC), WaveLAN, etc., can be set for using the Address Resolution Protocol or not. By default, the arp feature is enabled. However, it can be changed to proxy-arp. The Proxy-ARP feature means that the router will be listening to arp requests received at the relevant interface and respond to them with its own MAC address, if the request matches any other IP address of the router.

    Example

    For example, you can assign IP addresses to dial-in (ppp, pppoe, pptp) clients from the same address space as used on the connected LAN, if you enable the proxy-arp on the LAN interface. Let us consider the following setup:
    The MikroTik router setup is as follows:
    [admin@MikroTik] ip arp> /interface ethernet print
    Flags: X - disabled, R - running
    # NAME MTU MAC-ADDRESS ARP
    0 R eth-LAN 1500 0008:00:00:F5 proxy-arp
    [admin@MikroTik] ip arp> /interface print
    Flags: X - disabled, D - dynamic, R - running
    # NAME TYPE MTU
    0 eth-LAN ether 1500
    1 prism1 prism 1500
    2 D pppoe-in25 pppoe-in
    3 D pppoe-in26 pppoe-in
    [admin@MikroTik] ip arp> /ip address print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 10.0.0.217/24 10.0.0.0 10.0.0.255 eth-LAN
    1 D 10.0.0.217/32 10.0.0.230 0.0.0.0 pppoe-in25
    2 D 10.0.0.217/32 10.0.0.231 0.0.0.0 pppoe-in26
    [admin@MikroTik] ip arp> /ip route print
    Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
    C - connect, S - static, R - rip, O - ospf, B - bgp
    # DST-ADDRESS G GATEWAY DISTANCE INTERFACE
    0 S 0.0.0.0/0 r 10.0.0.1 1 eth-LAN
    1 DC 10.0.0.0/24 r 0.0.0.0 0 eth-LAN
    2 DC 10.0.0.230/32 r 0.0.0.0 0 pppoe-in25
    3 DC 10.0.0.231/32 r 0.0.0.0 0 pppoe-in26
    [admin@MikroTik] ip arp>
    Using Unnumbered Interfaces

    Description

    The unnumbered interfaces can be used on serial point-to-point links, e.g., MOXA or Cyclades interfaces. A private address should be put on the interface with the network being the same as an address on the router on the other side of the p2p link (there may be no IP on that interface, but there is an ip for that router).

    Example

    [admin@MikroTik] ip address> add address=10.0.0.214/32 network=192.168.0.1 \
    \... interface=pppsync
    [admin@MikroTik] ip address> print
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK BROADCAST INTERFACE
    0 10.0.0.214/32 192.168.0.1 192.168.0.1 pppsync
    [admin@MikroTik] ip address>
    [admin@MikroTik] ip address> .. route print detail
    Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
    C - connect, S - static, R - rip, O - ospf, B - bgp
    0 S dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=192.168.0.1
    gateway-state=reachable distance=1 interface=pppsync

    1 DC dst-address=192.168.0.1/32 preferred-source=10.0.0.214
    gateway=0.0.0.0 gateway-state=reachable distance=0 interface=pppsync

    [admin@MikroTik] ip address>
    Here you can see that a dynamic connected route has been automatically added to the routes list. If you want the default gateway to be the other router of the p2p link, just add a static route for it. It is shown as #0 in the example above.

    Troubleshooting

    • I added IP addresses 10.0.0.1/24 and 10.0.0.2/24 to the interfaces ether1 and ether2, but nothing works.
      Both addresses are from the same network 10.0.0.0/24. Use addresses from different networks on different interfaces, or enable proxy-arp on ether1 or ether2.
    • I was going to use static ARP and have my network secured that way. For the first 10 minutes everything is fine, then router becomes totally unavailable.
      After you turn off ARP on router's interface, the dynamic ARP entries expire on the client computers. You should add the router's IP and MAC addresses to the static ARP entries of the workstations.

    Additional Resources

    Addressing in Local Area Networks

    © Copyright 1999-2003, MikroTik
    ============================================
    ARP: Address Resolution Protocol

    Ethernet hosts use the Address Resolution Protocol (ARP) to convert a 32-bit internet IP address into a 48-bit Ethernet MAC address used by network hardware. (See: RFC 826) ARP broadcasts are sent to all hosts on the subnet by the data transmitting host to see who replies. The broadcast is ignored by all except the intended receiver which recognizes the IP address as its own. The MAC addresses are remembered (ARP cache) for future network communications. Computers on the subnet typically keep a cache of ARP responses. ARP broadcasts are passed on by hubs and switches but are blocked by routers.
    Reverse ARP (See: RFC 903) is a bootstrap protocol which allows a client to broadcast requesting a server to reply with its IP address.


    • arp (8) man page - manipulate the system ARP cache
    • Shows other systems on your network (including IP address conflicts): arp -a
    • Show ARP table Linux style: arp -e
    • arpwatch (8) man page - keep track of ethernet/ip address pairings
    • arpsnmp (8) man page - keep track of ethernet/ip address pairings. Reads information generated by snmpwalk
    • arping (8) man page - send ARP REQUEST to a neighbor host
      Print ARP reply (similar to arp -a): arping 192.168.10.99
    • List ARP table: cat /proc/net/arp
    • ip (8) man page - show / manipulate routing, devices, policy routing and tunnels
      View ARP table: ip neighbor

    ARP is something that simply works. No Linux system configuration is necessary. It's all part of the ethernet and IP protocol. The aforementioned information is just part of the Linux culture of full visibility into what is going on.

    ===============================================================


      • arp - Linux ARP kernel module.

    • DESCRIPTION
      • This kernel protocol module implements the Address Resolution Protocol defined in RFC 826. It is used to convert between Layer2 hardware addresses and IPv4 protocol addresses on directly connected networks. The user normally doesn't interact directly with this module except to configure it; instead it provides a service for other protocols in the kernel.
        A user process can receive ARP packets by using packet(7) sockets. There is also a mechanism for managing the ARP cache in user-space by using netlink(7) sockets. The ARP table can also be controlled via ioctl(2) on any AF_INET socket.
        The ARP module maintains a cache of mappings between hardware addresses and protocol addresses. The cache has a limited size so old and less frequently used entries are garbage-collected. Entries which are marked as permanent are never deleted by the garbage-collector. The cache can be directly manipulated by the use of ioctls and its behavior can be tuned by the /proc interfaces described below.
        When there is no positive feedback for an existing mapping after some time (see the /proc interfaces below), a neighbor cache entry is considered stale. Positive feedback can be gotten from a higher layer; for example from a successful TCP ACK. Other protocols can signal forward progress using the MSG_CONFIRM flag to sendmsg(2). When there is no forward progress, ARP tries to reprobe. It first tries to ask a local arp daemon app_solicit times for an updated MAC address. If that fails and an old MAC address is known, a unicast probe is sent ucast_solicit times. If that fails too, it will broadcast a new ARP request to the network. Requests are only sent when there is data queued for sending.
        Linux will automatically add a non-permanent proxy arp entry when it receives a request for an address it forwards to and proxy arp is enabled on the receiving interface. When there is a reject route for the target, no proxy arp entry is added.

        Ioctls

        Three ioctls are available on all AF_INET sockets. They take a pointer to a struct arpreq as their argument.
        struct arpreq {
            struct sockaddr arp_pa;      /* protocol address */
            struct sockaddr arp_ha;      /* hardware address */
            int             arp_flags;   /* flags */
            struct sockaddr arp_netmask; /* netmask of protocol address */
            char            arp_dev[16];
        };

      =======================================================================

        • MAC Address: (media access control) is the network card address used for communication between other network devices on the subnet. This info is not routable. The ARP table maps TCP/IP address (global internet) to the local hardware on the local network. Use the command /sbin/ifconfig to view both the IP address and the MAC address. The MAC address uniquely identifies each node of a network and is used by the Ethernet protocol.
        • Full Duplex: Allows the simultaneous sending and receiving of packets. Most modern modems support full duplex.
        • Half Duplex: Allows the sending and receiving of packets in one direction at a time only.
        • OSI 7 Layer Model: The ISO (International Standards Organization) has defined the OSI (Open Systems Interconnection) model for current networking protocols.

          | OSI Layer | Description | Linux Networking Use |
          |---|---|---|
          | 7 Application Layer | The top layer for communications applications like email and the web. | telnet, web browser, sendmail |
          | 6 Presentation Layer | Syntax and format of data transfer. | SMTP, http |
          | 5 Session Layer | | |
          | 4 Transport Layer | Connection, acknowledgement and data packet transmission. | TCP, UDP |
          | 3 Network Layer | | IP, ARP |
          | 2 Data Link Layer | Error control, timing | Ethernet |
          | 1 Physical Layer | Electrical characteristics of signal and NIC | Ethernet |

        • Network Hub: Hardware to connect network devices together. The devices will all be on the same network and/or subnet. All network traffic is shared and can be sniffed by any other node connected to the same hub.
        • Network Switch: Like a hub but creates a private link between any two connected nodes when a network connection is established. This reduces the amount of network collisions and thus improves speed. Broadcast messages are still sent to all nodes.

      =======================================================================

        SIOCSARP, SIOCDARP and SIOCGARP respectively set, delete and get an ARP mapping. Setting and deleting ARP maps are privileged operations and may only be performed by a process with the CAP_NET_ADMIN capability or an effective UID of 0.
        arp_pa must be an AF_INET socket and arp_ha must have the same type as the device which is specified in arp_dev. arp_dev is a zero-terminated string which names a device.

        arp_flags
        flag - meaning
        ATF_COM - Lookup complete
        ATF_PERM - Permanent entry
        ATF_PUBL - Publish entry
        ATF_USETRAILERS - Trailers requested
        ATF_NETMASK - Use a netmask
        ATF_DONTPUB - Don't answer



        If the ATF_NETMASK flag is set, then arp_netmask should be valid. Linux 2.2 does not support proxy network ARP entries, so this should be set to 0xffffffff, or 0 to remove an existing proxy arp entry. ATF_USETRAILERS is obsolete and should not be used.

        /proc interfaces

        ARP supports a range of /proc interfaces to configure parameters on a global or per-interface basis. The interfaces can be accessed by reading or writing the /proc/sys/net/ipv4/neigh/*/* files. Each interface in the system has its own directory in /proc/sys/net/ipv4/neigh/. The setting in the "default" directory is used for all newly created devices. Unless otherwise specified, time-related interfaces are specified in seconds.

        anycast_delay (since Linux 2.2) - The maximum number of jiffies to delay before replying to a IPv6 neighbor solicitation message. Anycast support is not yet implemented. Defaults to 1 second.
        app_solicit (since Linux 2.2) - The maximum number of probes to send to the user space ARP daemon via netlink before dropping back to multicast probes (see mcast_solicit). Defaults to 0.
        base_reachable_time (since Linux 2.2) - Once a neighbor has been found, the entry is considered to be valid for at least a random value between base_reachable_time/2 and 3*base_reachable_time/2. An entry's validity will be extended if it receives positive feedback from higher level protocols. Defaults to 30 seconds. This file is now obsolete in favor of base_reachable_time_ms.
        base_reachable_time_ms (since Linux 2.6.12) - As for base_reachable_time, but measures time in milliseconds. Defaults to 30000 milliseconds.
        delay_first_probe_time (since Linux 2.2) - Delay before first probe after it has been decided that a neighbor is stale. Defaults to 5 seconds.
        gc_interval (since Linux 2.2) - How frequently the garbage collector for neighbor entries should attempt to run. Defaults to 30 seconds.
        gc_stale_time (since Linux 2.2) - Determines how often to check for stale neighbor entries. When a neighbor entry is considered stale, it is resolved again before sending data to it. Defaults to 60 seconds.
        gc_thresh1 (since Linux 2.2) - The minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. Defaults to 128.
        gc_thresh2 (since Linux 2.2) - The soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. Defaults to 512.
        gc_thresh3 (since Linux 2.2) - The hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. Defaults to 1024.
        locktime (since Linux 2.2) - The minimum number of jiffies to keep an ARP entry in the cache. This prevents ARP cache thrashing if there is more than one potential mapping (generally due to network misconfiguration). Defaults to 1 second.
        mcast_solicit (since Linux 2.2) - The maximum number of attempts to resolve an address by multicast/broadcast before marking the entry as unreachable. Defaults to 3.
        proxy_delay (since Linux 2.2) - When an ARP request for a known proxy-ARP address is received, delay up to proxy_delay jiffies before replying. This is used to prevent network flooding in some cases. Defaults to 0.8 seconds.
        proxy_qlen (since Linux 2.2) - The maximum number of packets which may be queued to proxy-ARP addresses. Defaults to 64.
        retrans_time (since Linux 2.2) - The number of jiffies to delay before retransmitting a request. Defaults to 1 second. This file is now obsolete in favor of retrans_time_ms.
        retrans_time_ms (since Linux 2.6.12) - The number of milliseconds to delay before retransmitting a request. Defaults to 1000 milliseconds.
        ucast_solicit (since Linux 2.2) - The maximum number of attempts to send unicast probes before asking the ARP daemon (see app_solicit). Defaults to 3.
        unres_qlen (since Linux 2.2) - The maximum number of packets which may be queued for each unresolved address by other network layers. Defaults to 3.





    ---------- Post added at 04:30 PM ---------- Previous post was at 04:14 PM ----------

    Point to Point Tunnel Protocol (PPTP)

    Document revision 1.8 (27-Mar-2003)
    This document applies to MikroTik RouterOS v2.7



    Summary

    PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support for PPTP client and server. General applications of PPTP tunnels:

    • For secure router-to-router tunnels over the Internet
    • To link (bridge) local Intranets or LANs (when EoIP is also used)
    • For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)

    Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.

    Specifications

    Packages required : ppp
    License required : Basic (DEMO license is limited to 4 tunnels)
    Home menu level : /interface pptp-server, /interface pptp-client
    Protocols utilized : PPTP (RFC2637)
    Hardware usage: not significant
    Related Documents

    Software Package Installation and Upgrading
    IP Addresses and Address Resolution Protocol (ARP)
    Authentication, Authorization and Accounting
    Ethernet over IP (EoIP) Tunnel Interface

    Description

    PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows). PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.
    MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
    PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.
    PPTP connections may be limited or impossible to set up through a masqueraded/NAT IP connection. Please see the Microsoft and RFC links at the end of this section for more information.

    PPTP Client Setup

    Submenu level : /interface pptp-client

    Property Description

    name (name; default: pptp-out1) - interface name for reference
    mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
    mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
    connect-to (IP address)- the IP address of the PPTP server to connect to
    user (string)- user name to use when logging on to the remote server
    password (string; default: "")- user password to use when logging to the remote server
    profile (name; default: default) - profile to use when connecting to the remote server
    add-default-route (yes | no; default: no) - whether to use the server which this client is connected to as its default router (gateway)
    Example

    To set up PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:
    [admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
    \... user=john add-default-route=yes password=john
    [admin@MikroTik] interface pptp-client> print
    Flags: X - disabled, R - running
    0 X name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john"
    password="john" profile=default add-default-route=yes


    [admin@MikroTik] interface pptp-client> enable 0
    Monitoring PPTP Client

    Command name : /interface pptp-client monitor

    Property Description

    Statistics: uptime (time) - connection time displayed in days, hours, minutes, and seconds
    encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
    status (string) - status of the client:
    Dialing – attempting to make a connection
    Verifying password... - connection has been established to the server, password verification in progress
    Connected – self-explanatory
    Terminated – interface is not enabled or the other side will not establish a connection
    Example

    Example of an established connection:
    [admin@MikroTik] interface pptp-client> monitor test2
    uptime: 4h35s
    encoding: MPPE 128 bit, stateless
    status: Connected
    [admin@MikroTik] interface pptp-client>

    PPTP Server Setup

    Submenu level : /interface pptp-server server
    [admin@MikroTik] interface pptp-server server> print
    enabled: no
    mtu: 1460
    mru: 1460
    authentication: mschap2
    default-profile: default
    [admin@MikroTik] interface pptp-server server>

    Description

    The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.

    Property Description

    enabled (yes | no; default: no) - defines whether PPTP server is enabled or not
    mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
    mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
    authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) - authentication algorithm
    default-profile (name; default: default) - default profile to use
    Example

    To enable PPTP server:
    [admin@MikroTik] interface pptp-server server> set enabled=yes
    [admin@MikroTik] interface pptp-server server> print
    enabled: yes
    mtu: 1460
    mru: 1460
    authentication: mschap2
    default-profile: default
    [admin@MikroTik] interface pptp-server server>

    PPTP Server Users

    Submenu level : /interface pptp-server

    Description

    There are two types of items in PPTP server configuration - static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.

    Property Description

    name - interface name
    user - the name of the user that is configured statically or added dynamically
    Statistics:
    mtu - shows (cannot be set here) client's MTU
    client-address - shows (cannot be set here) the IP of the connected client
    uptime - shows how long the client is connected
    encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection

    Example

    To add a static entry for ex1 user:
    [admin@MikroTik] interface pptp-server> add user=ex1
    [admin@MikroTik] interface pptp-server> print
    Flags: X - disabled, D - dynamic, R - running
    # NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
    0 DR <pptp-ex> ex 1460 10.0.0.202 6m32s none
    1 pptp-in1 ex1
    [admin@MikroTik] interface pptp-server>
    In this example an already connected user ex is shown besides the one we just added.

    PPTP Router-to-Router Secure Tunnel Example

    The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet.
    There are two routers in this example:

    • [HomeOffice]
      Interface LocalHomeOffice 10.150.2.254/24
      Interface ToInternet 192.168.80.1/24
    • [RemoteOffice]
      Interface ToInternet 192.168.81.1/24
      Interface LocalRemoteOffice 10.150.1.254/24

    Each router is connected to a different ISP. One router can access another router through the Internet. On the PPTP server a user must be set up for the client:
    [admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.0.103.1 remote-address=10.0.103.2 [admin@HomeOffice] ppp secret> print detail Flags: X - disabled 0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes=="" [admin@HomeOffice] ppp secret> Then the user should be added in the PPTP server list:

    [admin@HomeOffice] interface pptp-server> add user=ex [admin@HomeOffice] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running # NAME USER MTU CLIENT-ADDRESS UPTIME ENC... 0 pptp-in1 ex [admin@HomeOffice] interface pptp-server> And finally, the server must be enabled:

    [admin@HomeOffice] interface pptp-server server> set enabled=yes [admin@HomeOffice] interface pptp-server server> print enabled: yes mtu: 1460 mru: 1460 authentication: mschap2 default-profile: default [admin@HomeOffice] interface pptp-server server> Add a PPTP client to the RemoteOffice router:

    [admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \ \... password=lkjrht disabled=no [admin@RemoteOffice] interface pptp-client> print Flags: X - disabled, R - running 0 R name="pptp-out1" mtu=1460 mru=1460 connect-to=192.168.80.1 user="ex" password="lkjrht" profile=default add-default-route=no [admin@RemoteOffice] interface pptp-client> Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables 'direct' communication between the routers over third party networks.

    To route the local Intranets over the PPTP tunnel – add these routes:

    [admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2 [admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1 On the PPTP server it can alternatively be done using routes parameter of the user configuration:

    [admin@HomeOffice] ppp secret> print detail Flags: X - disabled 0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes=="" [admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1" [admin@HomeOffice] ppp secret> print detail Flags: X - disabled 0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes="10.150.1.0/24 10.0.103.2 1" [admin@HomeOffice] ppp secret> Test the PPTP tunnel connection:

    [admin@RemoteOffice]> /ping 10.0.103.1
    10.0.103.1 pong: ttl=255 time=3 ms
    10.0.103.1 pong: ttl=255 time=3 ms
    10.0.103.1 pong: ttl=255 time=3 ms
    ping interrupted
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 3/3.0/3 ms

    Test the connection through the PPTP tunnel to the LocalHomeOffice interface:

    [admin@RemoteOffice]> /ping 10.150.2.254
    10.150.2.254 pong: ttl=255 time=3 ms
    10.150.2.254 pong: ttl=255 time=3 ms
    10.150.2.254 pong: ttl=255 time=3 ms
    ping interrupted
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 3/3.0/3 ms

    To bridge a LAN over this secure tunnel, please see the example in the 'EoIP' section of the manual. To set the maximum speed for traffic over this tunnel, please consult the 'Queues' section.

    Connecting a Remote Client via PPTP Tunnel

    The following example shows how to connect a computer to a remote office network over a PPTP encrypted tunnel, giving that computer an IP address from the same network as the remote office has (without need of bridging over EoIP tunnels). Please consult the respective manual on how to set up a PPTP client with the software you are using.

    The router in this example:

    • [RemoteOffice]
      Interface ToInternet 192.168.81.1/24
      Interface Office 10.150.1.254/24

    The client computer can access the router through the Internet. On the PPTP server a user must be set up for the client:

    [admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.150.1.254 remote-address=10.150.1.2
    [admin@RemoteOffice] ppp secret> print detail
    Flags: X - disabled
      0   name="ex" service=pptp caller-id="" password="lkjrht" profile=default
          local-address=10.150.1.254 remote-address=10.150.1.2 routes==""
    [admin@RemoteOffice] ppp secret>

    Then the user should be added in the PPTP server list:

    [admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
    [admin@RemoteOffice] interface pptp-server> print
    Flags: X - disabled, D - dynamic, R - running
      #     NAME                 USER         MTU   CLIENT-ADDRESS  UPTIME   ENC...
      0     FromLaptop           ex
    [admin@RemoteOffice] interface pptp-server>

    And the server must be enabled:

    [admin@RemoteOffice] interface pptp-server server> set enabled=yes
    [admin@RemoteOffice] interface pptp-server server> print
              enabled: yes
                  mtu: 1460
                  mru: 1460
       authentication: mschap2
      default-profile: default
    [admin@RemoteOffice] interface pptp-server server>

    Finally, the proxy ARP must be enabled on the 'Office' interface:

    [admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
    [admin@RemoteOffice] interface ethernet> print
    Flags: X - disabled, R - running
      #    NAME                 MTU   MAC-ADDRESS         ARP
      0  R ToInternet           1500  00:30:4F:0B:7B:C1   enabled
      1  R Office               1500  00:30:4F:0612       proxy-arp
    [admin@RemoteOffice] interface ethernet>

    PPTP Setup for Windows

    Microsoft provides PPTP client support for Windows NT, 2000, ME, 98se, and 98. Windows 98se, 2000, and ME include support in the Windows setup or automatically install PPTP. For 95, NT, and 98, installation requires a download from Microsoft. Many ISPs have made help pages to assist clients with Windows PPTP installation.
    Real Time Enterprises, Inc. - Support Site Index
    Microsoft Windows: Windows 7, Windows Vista, Windows XP, Windows Live

    Sample instructions for PPTP (VPN) installation and client setup – Windows 98se

    If the VPN (PPTP) support is installed, select 'Dial-up Networking' and 'Create a new connection'. The option to create a 'VPN' should be selected. If there are no 'VPN' options, then follow the installation instructions below. When asked for the 'Host name or IP address of the VPN server', type the IP address of the router. Double-click on the 'new' icon and type the correct user name and password (must also be in the user database on the router or RADIUS server used for authentication).
    The setup of the connections takes nine seconds after selecting the 'connect' button. It is suggested that the connection properties be edited so that 'NetBEUI', 'IPX/SPX compatible', and 'Log on to network' are unselected. The setup time for the connection will then be two seconds after the 'connect' button is selected.
    To install the 'Virtual Private Networking' support for Windows 98se, go to the 'Setting' menu from the main 'Start' menu. Select 'Control Panel', select 'Add/Remove Program', select the 'Windows setup' tab, select the 'Communications' software for installation and 'Details'. Go to the bottom of the list of software and select 'Virtual Private Networking' to be installed.

    Troubleshooting


    • I use firewall and I cannot establish PPTP connection
      Make sure the TCP connections to port 1723 can pass through both directions between your sites. Also, IP protocol 47 should be passed through.

    Additional Resources

    Links for PPTP documentation:
    http://msdn.microsoft.com/library/backgrnd/html/understanding_pptp.htm
    Troubleshooting PPTP Connectivity Issues in Windows NT 4.0
    http://www.ietf.org/rfc/rfc2637.txt?number=2637
    http://www.ietf.org/rfc/rfc3078.txt?number=3078
    http://www.ietf.org/rfc/rfc3079.txt?number=3079

  5. Thanks given to ibh for this useful post
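Why the last step of the remote-client setup enables proxy ARP, as an added example that is not part of the quoted manual and is not RouterOS code: a simplified Python model of the decision the RemoteOffice router makes when a host on the Office LAN sends an ARP request. The route list, the `FromLaptop` host route and the rule "answer when the target is routed out of a different interface" are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the RemoteOffice router from the example above.
ROUTER_ADDRS = {"ToInternet": "192.168.81.1", "Office": "10.150.1.254"}
ROUTES = [  # (destination, outgoing interface); the /32 is the PPTP client (assumed)
    ("10.150.1.2/32", "FromLaptop"),
    ("10.150.1.0/24", "Office"),
    ("192.168.81.0/24", "ToInternet"),
]

def route_interface(target):
    """Longest-prefix match over ROUTES; None when there is no route."""
    ip = ipaddress.ip_address(target)
    matches = [(ipaddress.ip_network(dst), ifc) for dst, ifc in ROUTES
               if ip in ipaddress.ip_network(dst)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def answers_arp(in_iface, arp_mode, target):
    """Does the router reply to an ARP request for `target` heard on `in_iface`?"""
    if ROUTER_ADDRS.get(in_iface) == target:
        return True                  # ordinary ARP for the router's own address
    if arp_mode != "proxy-arp":
        return False                 # arp=enabled: never answers for other hosts
    out_iface = route_interface(target)
    # Proxy ARP: answer on behalf of hosts reached through a different interface.
    return out_iface is not None and out_iface != in_iface

if __name__ == "__main__":
    for mode in ("enabled", "proxy-arp"):
        for target in ("10.150.1.254", "10.150.1.2", "10.150.1.50", "192.168.81.77"):
            print(mode, target, answers_arp("Office", mode, target))
```

With `arp=enabled` nobody answers for 10.150.1.2, so LAN hosts cannot reach the tunnelled client. With `arp=proxy-arp` the router also answers for every other address it routes elsewhere, which is worth knowing when reviewing what that interface will claim.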


  6. #3
    Permanent member vPsPersia.COM

    Re: Does anyone know what ARP is?

    I don't really understand much of this!

    Could you tell me the list of commands that are needed for ARP?

    What is this ARP even for? What does it do?


  8. #4
    Permanent member

    Re: Does anyone know what ARP is?

    ARP = Address Resolution Protocol

    It is one of the protocols in TCP/IP, and it performs the translation of an IP address to a MAC address.
    This protocol is used whenever you need to communicate with other devices and hardware inside your own network.
    In practice, communication inside a network is done only with MAC addresses ... but since the network administrator assigns addresses using IP, this protocol was created to do the translation automatically ...
    There is no need to set it up; it is one of the most essential network protocols. In Linux and other operating systems that use TCP/IP for their communication, it is ready by default.

    The list of available commands is given here:
    arp - Linux Command - Unix Command

    * The most important part of managing ARP is managing the ARP cache; if you want to manage it manually, you can do so with the commands in that list.

    * Overall, this protocol does its job automatically and doesn't need much management!
    If you can explain more about what you need from this protocol, perhaps it can be explained better.

  9. Thanks given to Online24 for this useful post


  10. #5
    Permanent member vPsPersia.COM

    Re: Does anyone know what ARP is?

    Look, my datacenter is OVH, and unfortunately it has a particular procedure for giving each VPS network access:

    on Linux operating systems, after setting the IP and so on with the SETUP command, you have to enter the two commands below and restart the Network service.

    Then the VPS has network connectivity.

    GATEWAY dev eth0
    default via GATEWAY dev eth0
    These are the two commands I mentioned. It should be noted that all of our IPs have separate MAC addresses.

    Anyway, given all this, is it possible for me to have a MikroTik VPS? From what I have been told, I have to do this with ARP!


  12. #6
    Permanent member

    Re: Does anyone know what ARP is?

    For this, it is enough to define and configure the gateway on your VPS's network card and connect to the Internet ...
    That's all!
    ARP is used along the way, but it is not correct to think that you have to apply settings to ARP in order to connect to the Internet.
    So just set the gateway IP on the network card. After that is configured, ARP translates the gateway IP to a MAC and carries out the local communication ...
    (doing this is what puts ARP to work)

  13. Thanks given to Online24 for this useful post
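The resolution described in posts #4 and #6, as an added example that is not from any poster: a Python sketch that builds and parses the RFC 826 request and reply a host exchanges, and shows that for an off-subnet destination the host asks for the gateway's MAC, not the destination's. The host address, the MAC addresses and the `SEGMENT` table are constructed; the gateway 10.150.1.254 is borrowed from the manual excerpt in post #2.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 fields for Ethernet/IPv4, 28 bytes
REQUEST, REPLY = 1, 2

# Constructed segment: IP -> MAC of the device that owns it.
SEGMENT = {"10.150.1.254": "02:00:00:00:00:fe", "10.150.1.30": "02:00:00:00:00:1e"}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def next_hop(dst, local_if, gateway):
    """On-link destinations are ARPed for directly, everything else via the gateway."""
    iface = ipaddress.ip_interface(local_if)
    dst_ip = ipaddress.ip_address(dst)
    return str(dst_ip) if dst_ip in iface.network else gateway

def build_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.ip_address(spa).packed,
                       mac_bytes(tha), ipaddress.ip_address(tpa).packed)

def parse_arp(packet):
    if len(packet) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": mac_str(sha), "spa": str(ipaddress.ip_address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.ip_address(tpa))}

def resolve(dst, local_if, local_mac, gateway, segment=SEGMENT):
    """Return (ip_asked_for, mac_learned) for one outgoing destination."""
    target = next_hop(dst, local_if, gateway)
    src_ip = str(ipaddress.ip_interface(local_if).ip)
    # Request: broadcast question "who has <target>?", target MAC still unknown.
    asked = parse_arp(build_arp(REQUEST, local_mac, src_ip, "00:00:00:00:00:00", target))
    owner = segment.get(asked["tpa"])
    if owner is None:
        return target, None          # no reply: the cache entry stays incomplete
    # Reply: the owner swaps sender and target and fills in its own MAC.
    reply = parse_arp(build_arp(REPLY, owner, asked["tpa"], asked["sha"], asked["spa"]))
    # ARP has no authentication; the host caches whatever sha/spa the reply carries.
    return reply["spa"], reply["sha"]
```

Because the reply is accepted as-is, checking the gateway's cache entry against the MAC the provider documents is the practical verification after configuring the gateway.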


  14. #7
    Permanent member vPsPersia.COM

    Re: Does anyone know what ARP is?

    Thanks for your guidance!

    Well, the way it works is that in our console (XenCenter), in the network settings, we add only a MAC address!

    Then in the SETUP section we enter the IP, gateway, netmask and so on, and in the end this IP etc. gets bound to the MAC and the VPS has network connectivity.

    But I don't know how to do this in MikroTik; there are lots of tutorials and lots of commands on the Internet, and I don't know which one is correct.

    If you would be so kind, tell me the commands I have to enter to set the IP, netmask, gateway, DNS and this ARP, so that I can enter them one after another!

    I would be grateful. I think this way we will get to the answer sooner.


  16. #8
    Banned user

    Re: Does anyone know what ARP is?

    Don't trouble yourself at all.
    According to the guide I gave above,
    it has nothing to do with the console or the hypervisor.
    cd /usr/bin/arp/
    Edit whichever file you need.


  17. Thanks given to ibh for this useful post

