Gentoo Linux -- List Archive: gentoo-admin

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-admin

Navigation:

Lists: gentoo-admin: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-admin@g.o
From:	Adolfo Castro Menna <adolfo@...>
Subject:	Re: As can I disable arp reply
Date:	Mon, 07 Nov 2005 15:25:21 -0300

geaaru wrote:

>Thanks for your replies.
>I have a problem with ethernet interface:
>On eth0 interface I use freeradius and a pppoe server and eth0 haven't
>ip addres.
>eth0    Link encap:Ethernet  HWaddr 00:0x:xx:xx:xx:xx 
>          inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link 
>          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1 
>          RX packets:4136 errors:0 dropped:0 overruns:0 frame:0 
>          TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0 
>          collisions:0 txqueuelen:0 
>          RX bytes:388327 (379.2 Kb)  TX bytes:956494 (934.0 Kb)
>
>However with ethereal I see that this interface send a arp-request like
>this 
>Who has 0.0.0.0? Gratiutous ARP. 
>
>As can I disable these arp request. 
>PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0
>not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is
>eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
>
>I try different solutions: 
>1) With ebtables:
>$EBTABLES -P INPUT DROP 
>$EBTABLES -P OUTPUT DROP 
>$EBTABLES -P FORWARD DROP 
>for i in $OTHER_IFACE 
>        do 
>        echo -n "Enable $i interface..." 
>        $EBTABLES -A INPUT -i $i -p arp -j ACCEPT 
>        $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT 
>        $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT 
>        $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT 
>        $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT 
>        $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT 
>        $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT 
>        $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT 
>        $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT 
>        $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT 
>        $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT 
>        $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT 
>        echo "done." 
>        done; 
>
># Rules for adsl clients interface 
>$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT 
>$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT 
>$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT 
>$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT 
>$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT 
>$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
>
>Also with these rules there are are request to 0.0.0.0. Also if I have
>disabled all packet on eth0!!!!!! 
>2) ifconfig eth0 0.0.0.0 -arp 
>Nothings. 
>3) ip link set eth0 arp off 
>Nothings. 
>
>What can I do? 
>
>Thanks for your help.
>
>  
>
try using arptables package or take a look on /etc/sysctl.conf for arp 
stuff like:
net.ipv4.conf.eth0.arp_ignore =
net.ipv4.conf.eth0.arp_announce =
net.ipv4.conf.eth0.arp_filter =

it might help you, cheers

-- 
gentoo-admin@g.o mailing list