
Re: arp magic



On Sun, Oct 27, 2002 at 08:31:53PM +0100, Peter Palfrader wrote:

> On Sun, 27 Oct 2002, Blars Blarson wrote:
> 
> > weasel@debian.org writes:
> > 
> > >I've the following setup:
> > >
> > >                 10.200.118.0/24 (internal)
> > >                     |
> > >                     |
> > >                     | eth0:10.200.118.1
> > >                 +--------+
> > >                 | marvin |
> > >                 +--------+
> > >                     | eth1: 10.2.2.20
> > >                     |
> > >                     |
> > >                  10.0.0.0/8 (external)
> > >
> > >Now if a host on the external network sends an 'arp who-has
> > >10.200.118.1' request marvin answers on eth1.
> > >Is there any way to _stop_ that behaviour?
> 
> My problem is one layer below: arp. From the description the hidden
> patch suggested by Emmanuel looks promising. I will have to try it
> tomorrow.

You shouldn't have to... "arp_filter" is there for that reason; whether
it works or not is another question. :)  Try:

	echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter

...and see if that makes a difference.  I'd like to hear the results
either way, because I've been expecting this to work on a number of
routers I've configured.

arp_filter - BOOLEAN
	1 - Allows you to have multiple network interfaces on the
	same subnet, and have the ARPs for each interface be answered
	based on whether or not the kernel would route a packet from
	the ARP'd IP out that interface (therefore you must use
	source based routing for this to work). In other words it
	allows control of which cards (usually 1) will respond to an
	arp request.

	0 - (default) The kernel can respond to arp requests with
	addresses from other interfaces. This may seem wrong but it
	usually makes sense, because it increases the chance of
	successful communication.  IP addresses are owned by the
	complete host on Linux, not by particular interfaces. Only
	for more complex setups like load-balancing, does this
	behaviour cause problems.

Simon-

[        Simon Kirby        ][        Network Operations        ]
[     sim@netnation.com     ][     NetNation Communications     ]
[  Opinions expressed are not necessarily those of my employer. ]
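
An added example, not part of the message above or of the kernel documentation it quotes: a shell function that reports, per interface, whether arp_filter is in effect, using the kernel's rule that the setting is enabled when either conf/all/arp_filter or conf/<iface>/arp_filter is 1. The function name `arp_filter_report` and its optional directory argument are hypothetical, introduced here so the check can also be run against a copy of the sysctl tree.

```shell
#!/bin/sh
# Added example: audit the effective arp_filter setting per interface.
# arp_filter is enabled on an interface when conf/all/arp_filter OR
# conf/<iface>/arp_filter is 1; otherwise the host may answer ARP for
# addresses that belong to its other interfaces (the marvin/eth1 case).
#
# Usage: arp_filter_report [CONF_DIR]
#   CONF_DIR defaults to /proc/sys/net/ipv4/conf (hypothetical parameter,
#   added so a saved copy of the tree can be audited too).
# Prints "<iface> filtered" or "<iface> unfiltered" for each interface.
# Returns 0 if every interface is filtered, 1 if any is not, 2 on error.
arp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}

    all=$(cat "$conf_dir/all/arp_filter" 2>/dev/null) || {
        echo "cannot read $conf_dir/all/arp_filter" >&2
        return 2
    }

    status=0
    for dir in "$conf_dir"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces; lo never ARPs.
        case $iface in
            all|default|lo) continue ;;
        esac
        val=$(cat "$dir/arp_filter" 2>/dev/null) || continue

        if [ "$all" = 1 ] || [ "$val" = 1 ]; then
            echo "$iface filtered"
        else
            echo "$iface unfiltered"
            status=1
        fi
    done
    return $status
}
```

This reports the sysctl only; whether replies are actually suppressed still depends on the source-based routing the quoted documentation calls for.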


