Re: arp magic
On Sunday 27 October 2002 20:31, Peter Palfrader wrote:
> > >I've the following setup:
> > >
> > > 10.200.118.0/24 (internal)
> > > | eth0:10.200.118.1
> > > +--------+
> > > | marvin |
> > > +--------+
> > > | eth1: 10.2.2.20
> > > 10.0.0.0/8 (external)
> > >
> > >Now if a host on the external network sends an 'arp who-has
> > >10.200.118.1' request marvin answers on eth1.
> > >Is there any way to _stop_ that behaviour?
I think the arp_filter setting should really be the setting you should try.
As far as I understand the documentation it is _exactly_ what you are looking
for. With arp_filter set to 1, the kernel only answers arp requests if it
matches the IP address(es) configured for that interface. In your case, it
should stop marvin answering the requests for 10.200.118.1, so that marvin
only replies to arp `who-has 10.2.2.20`.
At least it worked in my setup, which has two hosts that had the same dummyX
interfaces (IPs for webserver, ftpserver etc.). Only the current server for a
specific IP service also had eth0:X interfaces for those IPs. Well, when the
service had to be transferred, I needed to flag the dummy interface and the
alias interface down (yep, both) _and_ change their IPs. Otherwise, the old
host kept responding to those ARP requests. Well, at least he did until I
changed the arp_filter setting to 1.
Regards,
Sven Müller
- - IT - Network&Infrastructure -
- --
* Heinrich Berndes Haushaltstechnik GmbH & Co KG
* Wiebelsheidestrasse 55, 59757 Arnsberg, Germany
* Phone: +49 2932 475-282 / FAX: -325
* http://www.berndes.com
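
Added example, not part of the original message: a shell check for the arp_filter setting discussed above, listing the interfaces on which it is effectively off. The function names and the CONF_ROOT override are hypothetical; it relies on the kernel documentation's rule that the filter is active for an interface when either conf/all/arp_filter or the per-interface value is set.

```shell
#!/bin/sh
# Added example (not from the original post): audit the arp_filter sysctl.
# CONF_ROOT is a hypothetical override so the check can run against a
# constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print 1 if arp_filter is effectively on for interface $1, else 0.
# Per the kernel's ip-sysctl documentation, arp_filter is enabled for an
# interface when conf/all/arp_filter OR conf/<iface>/arp_filter is non-zero.
effective_arp_filter() {
    iface_val=$(cat "$CONF_ROOT/$1/arp_filter" 2>/dev/null || echo 0)
    all_val=$(cat "$CONF_ROOT/all/arp_filter" 2>/dev/null || echo 0)
    if [ "${iface_val:-0}" -ne 0 ] || [ "${all_val:-0}" -ne 0 ]; then
        echo 1
    else
        echo 0
    fi
}

# List interfaces whose effective arp_filter is off, one per line.
# The pseudo-entries "all" and "default" are not real interfaces.
interfaces_without_arp_filter() {
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        [ "$(effective_arp_filter "$iface")" -eq 0 ] && echo "$iface"
    done
    return 0
}

# Report on the running system. To enable the setting for one interface
# (eth1 is the external interface in the quoted setup):
#   sysctl -w net.ipv4.conf.eth1.arp_filter=1
interfaces_without_arp_filter
```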