Re: arp magic
In article <[🔎] 20021026101853.GA1070@valiant.sbg.palfrader.org>
weasel@debian.org writes:
>I've the following setup:
>
> 10.200.118.0/24 (internal)
> |
> |
> | eth0:10.200.118.1
> +--------+
> | marvin |
> +--------+
> | eth1: 10.2.2.20
> |
> |
> 10.0.0.0/8 (external)
>
>Now if a host on the external network sends an 'arp who-has
>10.200.118.1' request marvin answers on eth1.
>Is there any way to _stop_ that behaviour?
I assume what you realy want is eth1 to have all of 10.0.0.0/8 except
10.200.118.0/24. This is possible but ugly. Better solutions in most
cases involve either renumbering one of the networks (the
172.16.0.0/12 range is available in most cases) or putting a more
restrictive netmask on eth1.
To do the selective routing, set the netmask on eth1 to 10.0.0.0/9 and
add something like the following to your if-up script:
ip route add 10.128.0.0/10 dev eth1 src 10.2.2.20
ip route add 10.192.0.0/13 dev eth1 src 10.2.2.20
# stuff to split up 10.200 goes here
ip route add 10.201.0.0/16 dev eth1 src 10.2.2.20
ip route add 10.202.0.0/15 dev eth1 src 10.2.2.20
ip route add 10.204.0.0/14 dev eth1 src 10.2.2.20
ip route add 10.208.0.0/13 dev eth1 src 10.2.2.20
ip route add 10.216.0.0/11 dev eth1 src 10.2.2.20
The useful ip command is in the iproute package.
(Double check my netmasks...)
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
Reply to:
- References:
- arp magic
- From: Peter Palfrader <weasel@debian.org>