On Thu, 07 Nov 2002, IT - Sven Mueller wrote:

> On Sunday 27 October 2002 20:31, Peter Palfrader wrote:
> > > >I've the following setup:
> > > >
> > > >  10.200.118.0/24 (internal)
> > > >      | eth0:10.200.118.1
> > > >  +--------+
> > > >  | marvin |
> > > >  +--------+
> > > >      | eth1: 10.2.2.20
> > > >  10.0.0.0/8 (external)
> > > >
> > > >Now if a host on the external network sends an 'arp who-has
> > > >10.200.118.1' request marvin answers on eth1.
> > > >Is there any way to _stop_ that behaviour?
>
> I think the arp_filter setting should really be the setting you should try.
> As far as I understand the documentation it is _exactly_ what you are looking
> for. With arp_filter set to 1, the kernel only answers arp requests if it
> matches the IP address(es) configured for that interface. In your case, it
> should stop marvin answering the requests for 10.200.118.1, so that marvin
> only replies to arp `who-has 10.2.2.20`.
>
> At least it worked in my setup, which has two hosts that had the same dummyX
> interfaces (IPs for webserver, ftpserver etc.). Only the current server for a
> specific IP service also had eth0:X interfaces for those IPs. Well, when the
> service had to be transferred, I needed to flag the dummy interface and the
> alias interface down (yep, both) _and_ change their IPs. Otherwise, the old
> host kept responding to those ARP requests. Well, at least he did until I
> changed the arp_filter setting to 1.

Hmm. It did not in my case. I think arp_filter only answers arp requests
if it would route packets directed to the /source of the arp request/ via
that interface.

The hidden patch on the other hand does what I wanted it to do. Only
answer arp requests if they match the ip of the interface the request is
received at.

yours,
peter

-- 
PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.   | : :' :      The  universal
                          | `. `'      Operating System
http://www.palfrader.org/ |   `-    http://www.debian.org/
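Added example (not part of the thread and not kernel code): a simplified Python model of the three ARP reply policies discussed above, applied to marvin's two addresses. The sender addresses 10.2.2.99 and 10.200.118.50, the mode names and the function names are assumptions made for the illustration, and only connected routes are modelled.

```python
import ipaddress

# Constructed model of marvin from the thread: interface -> address/prefix.
INTERFACES = {
    "eth0": ipaddress.ip_interface("10.200.118.1/24"),  # internal
    "eth1": ipaddress.ip_interface("10.2.2.20/8"),      # external
}
MODES = ("default", "arp_filter", "per_interface")


def route_out_interface(dst, interfaces=INTERFACES):
    """Longest-prefix match over connected routes; None if no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, iface in interfaces.items():
        if dst not in iface.network:
            continue
        if best is None or (iface.network.prefixlen
                            > interfaces[best].network.prefixlen):
            best = name
    return best


def answers_arp(mode, in_iface, sender_ip, target_ip, interfaces=INTERFACES):
    """Would the host answer 'who-has target_ip' received on in_iface?"""
    target = ipaddress.ip_address(target_ip)
    if target not in {i.ip for i in interfaces.values()}:
        return False                      # not one of our addresses at all
    if mode == "default":
        return True                       # any local address, any interface
    if mode == "arp_filter":
        # Answer only if traffic back to the ARP *sender* would leave via
        # the interface the request arrived on (Peter's reading).
        return route_out_interface(sender_ip, interfaces) == in_iface
    if mode == "per_interface":
        # Answer only for the address configured on the receiving interface
        # (the behaviour Peter says he wanted).
        return interfaces[in_iface].ip == target
    raise ValueError(f"unknown mode: {mode}")


def compare(in_iface, sender_ip, target_ip):
    """Return the decision of every policy for one ARP request."""
    return {m: answers_arp(m, in_iface, sender_ip, target_ip) for m in MODES}


if __name__ == "__main__":
    # External host (constructed address) asks for the internal IP on eth1.
    print(compare("eth1", "10.2.2.99", "10.200.118.1"))
```

For the request in the thread the route back to the external sender already points out of eth1, so the sender-route check passes and only the per-interface address match suppresses the reply.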