[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iptable NAT problem - ARP ?

On Thu, 2004-08-12 at 04:25, Mike Mestnik wrote:
> http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2002-01/0094.html
> I guess I could be wrong as this doc describes the alias is only used for
> arp replys.  It(the alias) also automaticaly puts incoming pkts onto the
> INPUT table.
Thanks for the info!

>   Without the alias these pkts WOULD get routed, most probly out the
> default route or sent to the local MAC addres.  This behaviour can be
> acheved with a userlevel APR tool, I use farpd.  This may be more secure
> as you would need to explicatly DNAT these pkts or they would, after
> looping several(30 or less) times, have TTL-time outs.
Can't I enable firewall to handle ARP request without installing any
other like farpd?
What is this /proc/sys/net/ipv4/conf/eth0/proxy_arp for?
Is it something to do with this?


Debian GNU/Linux Sarge kernel 2.4.22-openmosix-1

Give him an evasive answer.

Reply to: