1 |
geaaru wrote: |
2 |
|
3 |
>Thanks for your replies. |
4 |
>I have a problem with ethernet interface: |
5 |
>On eth0 interface I use freeradius and a pppoe server and eth0 haven't |
6 |
>ip addres. |
7 |
>eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx |
8 |
> inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link |
9 |
> UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1 |
10 |
> RX packets:4136 errors:0 dropped:0 overruns:0 frame:0 |
11 |
> TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0 |
12 |
> collisions:0 txqueuelen:0 |
13 |
> RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb) |
14 |
> |
15 |
>However with ethereal I see that this interface send a arp-request like |
16 |
>this |
17 |
>Who has 0.0.0.0? Gratiutous ARP. |
18 |
> |
19 |
>As can I disable these arp request. |
20 |
>PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0 |
21 |
>not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is |
22 |
>eth0: e1000_probe: Intel(R) PRO/1000 Network Connection |
23 |
> |
24 |
>I try different solutions: |
25 |
>1) With ebtables: |
26 |
>$EBTABLES -P INPUT DROP |
27 |
>$EBTABLES -P OUTPUT DROP |
28 |
>$EBTABLES -P FORWARD DROP |
29 |
>for i in $OTHER_IFACE |
30 |
> do |
31 |
> echo -n "Enable $i interface..." |
32 |
> $EBTABLES -A INPUT -i $i -p arp -j ACCEPT |
33 |
> $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT |
34 |
> $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT |
35 |
> $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT |
36 |
> $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT |
37 |
> $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT |
38 |
> $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT |
39 |
> $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT |
40 |
> $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT |
41 |
> $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT |
42 |
> $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT |
43 |
> $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT |
44 |
> echo "done." |
45 |
> done; |
46 |
> |
47 |
># Rules for adsl clients interface |
48 |
>$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT |
49 |
>$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
50 |
>$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT |
51 |
>$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT |
52 |
>$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT |
53 |
>$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
54 |
> |
55 |
>Also with these rules there are are request to 0.0.0.0. Also if I have |
56 |
>disabled all packet on eth0!!!!!! |
57 |
>2) ifconfig eth0 0.0.0.0 -arp |
58 |
>Nothings. |
59 |
>3) ip link set eth0 arp off |
60 |
>Nothings. |
61 |
> |
62 |
>What can I do? |
63 |
> |
64 |
>Thanks for your help. |
65 |
> |
66 |
> |
67 |
> |
68 |
try using arptables package or take a look on /etc/sysctl.conf for arp |
69 |
stuff like: |
70 |
net.ipv4.conf.eth0.arp_ignore = |
71 |
net.ipv4.conf.eth0.arp_announce = |
72 |
net.ipv4.conf.eth0.arp_filter = |
73 |
|
74 |
it might help you, cheers |
75 |
|
76 |
-- |
77 |
gentoo-admin@g.o mailing list |