
Re: arp magic



On Thu, 07 Nov 2002, IT - Sven Mueller wrote:

> On Sunday 27 October 2002 20:31, Peter Palfrader wrote:
> > > >I've the following setup:
> > > >
> > > >                 10.200.118.0/24 (internal)
> > > >                     | eth0:10.200.118.1
> > > >                 +--------+
> > > >                 | marvin |
> > > >                 +--------+
> > > >                     | eth1: 10.2.2.20
> > > >                  10.0.0.0/8 (external)
> > > >
> > > >Now if a host on the external network sends an 'arp who-has
> > > >10.200.118.1' request marvin answers on eth1.
> > > >Is there any way to _stop_ that behaviour?
> 
> I think the arp_filter setting should really be the setting you should try. 
> As far as I understand the documentation it is _exactly_ what you are looking 
> for. With arp_filter set to 1, the kernel only answers arp requests if it 
> matches the IP address(es) configured for that interface. In your case, it 
> should stop marvin answering the requests for 10.200.118.1, so that marvin 
> only replies to arp `who-has 10.2.2.20`.
> 
> At least it worked in my setup, which has two hosts that had the same dummyX 
> interfaces (IPs for webserver, ftpserver etc.). Only the current server for a 
> specific IP service also had eth0:X interfaces for those IPs. Well, when the 
> service had to be transferred, I needed to flag the dummy interface and the 
> alias interface down (yep, both) _and_ change their IPs. Otherwise, the old 
> host kept responding to those ARP requests. Well, at least he did until I 
> changed the arp_filter setting to 1.

Hmm. It did not in my case. I think arp_filter only answers arp requests
if it would route packets directed to the /source of the arp request/ via
that interface.

The hidden patch on the other hand does what I wanted it to do. Only
answer arp requests if they match the ip of the interface the request is
received at.

					yours,
					peter

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
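
A small Python model of the three ARP reply behaviours discussed in this thread, evaluated on marvin's topology. This is an added example, not code from the thread, the kernel or the hidden patch; the policy names and the sender address 10.2.2.30 are assumptions, and "strict" stands for the per-interface matching the reply says it wanted.

```python
import ipaddress

# Constructed model of marvin from the thread:
# interface -> (configured address, directly connected network)
IFACES = {
    "eth0": ("10.200.118.1", "10.200.118.0/24"),
    "eth1": ("10.2.2.20", "10.0.0.0/8"),
}

def route_iface(dst):
    """Longest-prefix match over the connected networks; None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, (_, net) in IFACES.items():
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[1]):
            best = (name, net.prefixlen)
    return best[0] if best else None

def answers(policy, in_iface, sender_ip, target_ip):
    """Would the host reply to 'who-has target_ip tell sender_ip' seen on in_iface?"""
    local = {addr for addr, _ in IFACES.values()}
    if target_ip not in local:
        return False
    if policy == "default":
        # Any local address is answered on any interface.
        return True
    if policy == "arp_filter":
        # Reply only if packets to the *sender* would leave via in_iface.
        return route_iface(sender_ip) == in_iface
    if policy == "strict":
        # Reply only if the target address is configured on in_iface itself.
        return IFACES[in_iface][0] == target_ip
    raise ValueError(policy)

def compare(in_iface, sender_ip, target_ip):
    """Decision of each policy for one ARP request."""
    return {p: answers(p, in_iface, sender_ip, target_ip)
            for p in ("default", "arp_filter", "strict")}

if __name__ == "__main__":
    # External host (constructed address) asks on eth1 for the internal address.
    print(compare("eth1", "10.2.2.30", "10.200.118.1"))
```

In this model the external request for 10.200.118.1 is still answered under the arp_filter rule, because the route back to the sender uses eth1; only the strict per-interface rule suppresses it.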
