| 1 |
On Mon, 2005-11-07 at 15:25 -0300, Adolfo Castro Menna wrote: |
| 2 |
> geaaru wrote: |
| 3 |
> |
| 4 |
> >Thanks for your replies. |
| 5 |
> >I have a problem with ethernet interface: |
| 6 |
> >On eth0 interface I use freeradius and a pppoe server and eth0 haven't |
| 7 |
> >ip addres. |
| 8 |
> >eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx |
| 9 |
> > inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link |
| 10 |
> > UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1 |
| 11 |
> > RX packets:4136 errors:0 dropped:0 overruns:0 frame:0 |
| 12 |
> > TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0 |
| 13 |
> > collisions:0 txqueuelen:0 |
| 14 |
> > RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb) |
| 15 |
> > |
| 16 |
> >However with ethereal I see that this interface send a arp-request like |
| 17 |
> >this |
| 18 |
> >Who has 0.0.0.0? Gratiutous ARP. |
| 19 |
> > |
| 20 |
> >As can I disable these arp request. |
| 21 |
> >PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0 |
| 22 |
> >not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is |
| 23 |
> >eth0: e1000_probe: Intel(R) PRO/1000 Network Connection |
| 24 |
> > |
| 25 |
> >I try different solutions: |
| 26 |
> >1) With ebtables: |
| 27 |
> >$EBTABLES -P INPUT DROP |
| 28 |
> >$EBTABLES -P OUTPUT DROP |
| 29 |
> >$EBTABLES -P FORWARD DROP |
| 30 |
> >for i in $OTHER_IFACE |
| 31 |
> > do |
| 32 |
> > echo -n "Enable $i interface..." |
| 33 |
> > $EBTABLES -A INPUT -i $i -p arp -j ACCEPT |
| 34 |
> > $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT |
| 35 |
> > $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT |
| 36 |
> > $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT |
| 37 |
> > $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT |
| 38 |
> > $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT |
| 39 |
> > $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT |
| 40 |
> > $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT |
| 41 |
> > $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT |
| 42 |
> > $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT |
| 43 |
> > $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT |
| 44 |
> > $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT |
| 45 |
> > echo "done." |
| 46 |
> > done; |
| 47 |
> > |
| 48 |
> ># Rules for adsl clients interface |
| 49 |
> >$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT |
| 50 |
> >$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
| 51 |
> >$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT |
| 52 |
> >$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT |
| 53 |
> >$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT |
| 54 |
> >$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
| 55 |
> > |
| 56 |
> >Also with these rules there are are request to 0.0.0.0. Also if I have |
| 57 |
> >disabled all packet on eth0!!!!!! |
| 58 |
> >2) ifconfig eth0 0.0.0.0 -arp |
| 59 |
> >Nothings. |
| 60 |
> >3) ip link set eth0 arp off |
| 61 |
> >Nothings. |
| 62 |
> > |
| 63 |
> >What can I do? |
| 64 |
> > |
| 65 |
> >Thanks for your help. |
| 66 |
> > |
| 67 |
> > |
| 68 |
> > |
| 69 |
> try using arptables package or take a look on /etc/sysctl.conf for arp |
| 70 |
> stuff like: |
| 71 |
> net.ipv4.conf.eth0.arp_ignore = |
| 72 |
> net.ipv4.conf.eth0.arp_announce = |
| 73 |
> net.ipv4.conf.eth0.arp_filter = |
| 74 |
> |
| 75 |
> it might help you, cheers |
| 76 |
> |
| 77 |
|
| 78 |
on /proc/sys/net/ipv4/conf/eth0: arp_announce, arp_filter and arp_ignore |
| 79 |
are set to 0. It doesn't work. Also if I set to 1 arp_ignore and |
| 80 |
arp_filter. |
| 81 |
Maybe is a problem with Xen!I don't know! |
| 82 |
|
| 83 |
-- |
| 84 |
gentoo-admin@g.o mailing list |
Archives