Gentoo Archives: gentoo-admin

From: geaaru <geaaru@×××××.com>
To: gentoo-admin@l.g.o
Subject: Re: Re: [gentoo-admin] As can I disable arp reply
Date: Tue, 08 Nov 2005 11:24:07
Message-Id: 1131453254.12465.21.camel@localhost
In Reply to: Re: [gentoo-admin] As can I disable arp reply by Adolfo Castro Menna
Maybe there is a problem with xen:

Code:

testing_xen ~ # mii-tool
SIOCGMIIPHY on 'eth0' failed: Operation not supported
eth1: negotiated 100baseTx-FD flow-control, link ok
testing_xen ~ # ethtool eth0
Settings for eth0:
No data available

With mii-tool I can't read eth0, while if I unload the module of eth0 and
then reload the e1000 module there is a new interface eth2 that mii-tool sees
correctly. Meanwhile eth0 always had the same error message. I don't know! :?:

Another anomaly of this system is that if I watch the traffic with
ethereal from a client I see the arp request, while from ethereal on the
server I can't see the arp request!

> geaaru wrote:
>
> >Thanks for your replies.
> >I have a problem with an ethernet interface:
> >On the eth0 interface I use freeradius and a pppoe server, and eth0 doesn't
> >have an ip address.
> >eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx
> >     inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link
> >     UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
> >     RX packets:4136 errors:0 dropped:0 overruns:0 frame:0
> >     TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0
> >     collisions:0 txqueuelen:0
> >     RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb)
> >
> >However, with ethereal I see that this interface sends an arp request like
> >this:
> >Who has 0.0.0.0? Gratuitous ARP.
> >
> >How can I disable these arp requests?
> >PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0
> >not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is
> >eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
> >
> >I tried different solutions:
> >1) With ebtables:
> >$EBTABLES -P INPUT DROP
> >$EBTABLES -P OUTPUT DROP
> >$EBTABLES -P FORWARD DROP
> >for i in $OTHER_IFACE
> >  do
> >    echo -n "Enable $i interface..."
> >    $EBTABLES -A INPUT -i $i -p arp -j ACCEPT
> >    $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT
> >    $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT
> >    echo "done."
> >  done;
> >
> ># Rules for adsl clients interface
> >$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
> >
> >Even with these rules there are requests to 0.0.0.0. Even though I have
> >disabled all packets on eth0!!!!!!
> >2) ifconfig eth0 0.0.0.0 -arp
> >Nothing.
> >3) ip link set eth0 arp off
> >Nothing.
> >
> >What can I do?
> >
> >Thanks for your help.
> >
> try using the arptables package or take a look at /etc/sysctl.conf for arp
> stuff like:
> net.ipv4.conf.eth0.arp_ignore =
> net.ipv4.conf.eth0.arp_announce =
> net.ipv4.conf.eth0.arp_filter =
>
> it might help you, cheers
>

--
gentoo-admin@g.o mailing list
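
Added example, not part of the original thread: a POSIX shell helper that reports the effective value of the three sysctl keys named in the reply above. The kernel combines the "all" entry with the per-interface entry (the larger value is used for arp_ignore and arp_announce, and arp_filter is on if either is set), so a per-interface line in /etc/sysctl.conf can be overridden by "all". CONF_ROOT and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Report the effective ARP sysctl values for one interface.
# CONF_ROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_key <scope> <key>: print the stored value, or 0 if the file is missing
read_key() {
    if [ -r "$CONF_ROOT/$1/$2" ]; then
        cat "$CONF_ROOT/$1/$2"
    else
        echo 0
    fi
}

# effective_arp <iface> <key>: larger of conf/all/<key> and conf/<iface>/<key>
effective_arp() {
    all=$(read_key all "$2")
    own=$(read_key "$1" "$2")
    if [ "$all" -gt "$own" ]; then
        echo "$all"
    else
        echo "$own"
    fi
}

# arp_report <iface>: one key=value line per ARP sysctl named in the thread
arp_report() {
    for key in arp_ignore arp_announce arp_filter; do
        echo "$key=$(effective_arp "$1" "$key")"
    done
}

# Run as a script with an interface name, e.g.: sh arp_report.sh eth0
if [ "$#" -gt 0 ]; then
    arp_report "$1"
fi
```

These keys govern how the host answers ARP requests and which source address it announces; the report shows what the kernel is actually applying after "all" and the interface entry are combined.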