[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arp magic



On Thu, 07 Nov 2002, IT - Sven Mueller wrote:

> On Sunday 27 October 2002 20:31, Peter Palfrader wrote:
> > > >I've the following setup:
> > > >
> > > >                 10.200.118.0/24 (internal)
> > > >                     | eth0:10.200.118.1
> > > >                 +--------+
> > > >                 | marvin |
> > > >                 +--------+
> > > >                     | eth1: 10.2.2.20
> > > >                  10.0.0.0/8 (external)
> > > >
> > > >Now if a host on the external network sends an 'arp who-has
> > > >10.200.118.1' request marvin answers on eth1.
> > > >Is there any way to _stop_ that behaviour?
> 
> I think the arp_filter setting should really be the  setting you should try. 
> As far as I understand the documentation it is _exactly_ what you are looking 
> for. With arp_filter set to 1, the kernel only answers arp requests if it 
> matches the IP address(es) configured for that interface. In your case, it 
> should stop marvin answering the requests for 10.200.118.1, so that marvin 
> only replies to arp `who-has 10.2.2.20`.
> 
> At least it worked in my setup, which has two hosts that had the same dummyX 
> interfaces (IPs for webserver, ftpserver etc.). Only the current server for a 
> specific IP service also had eth0:X interfaces for those IPs. Well, when the 
> service had to be transfered, I needed to flag the dummy interface and the 
> alias interface down (yep, both) _and_ change their IPs. Otherwise, the old 
> host kept responding to those ARP requests. Well, at least he did until I 
> changed the arp_filter setting to 1.

Hmm. It did not in my case. I think arp_filter only answers arp requests
if it woud route packets directed to the /source of the arp request/ via
that interface.

The hidden patch on the other hand does what I wanted it to do. Only
answer arp requests if they match the ip of the interface the request is
received at.

					yours,
					peter

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

Attachment: pgpv4v1fl2XHG.pgp
Description: PGP signature


Reply to: