| 1 |
geaaru wrote: |
| 2 |
|
| 3 |
>Thanks for your replies. |
| 4 |
>I have a problem with ethernet interface: |
| 5 |
>On eth0 interface I use freeradius and a pppoe server and eth0 haven't |
| 6 |
>ip addres. |
| 7 |
>eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx |
| 8 |
> inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link |
| 9 |
> UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1 |
| 10 |
> RX packets:4136 errors:0 dropped:0 overruns:0 frame:0 |
| 11 |
> TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0 |
| 12 |
> collisions:0 txqueuelen:0 |
| 13 |
> RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb) |
| 14 |
> |
| 15 |
>However with ethereal I see that this interface send a arp-request like |
| 16 |
>this |
| 17 |
>Who has 0.0.0.0? Gratiutous ARP. |
| 18 |
> |
| 19 |
>As can I disable these arp request. |
| 20 |
>PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0 |
| 21 |
>not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is |
| 22 |
>eth0: e1000_probe: Intel(R) PRO/1000 Network Connection |
| 23 |
> |
| 24 |
>I try different solutions: |
| 25 |
>1) With ebtables: |
| 26 |
>$EBTABLES -P INPUT DROP |
| 27 |
>$EBTABLES -P OUTPUT DROP |
| 28 |
>$EBTABLES -P FORWARD DROP |
| 29 |
>for i in $OTHER_IFACE |
| 30 |
> do |
| 31 |
> echo -n "Enable $i interface..." |
| 32 |
> $EBTABLES -A INPUT -i $i -p arp -j ACCEPT |
| 33 |
> $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT |
| 34 |
> $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT |
| 35 |
> $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT |
| 36 |
> $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT |
| 37 |
> $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT |
| 38 |
> $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT |
| 39 |
> $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT |
| 40 |
> $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT |
| 41 |
> $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT |
| 42 |
> $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT |
| 43 |
> $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT |
| 44 |
> echo "done." |
| 45 |
> done; |
| 46 |
> |
| 47 |
># Rules for adsl clients interface |
| 48 |
>$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT |
| 49 |
>$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
| 50 |
>$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT |
| 51 |
>$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT |
| 52 |
>$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT |
| 53 |
>$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT |
| 54 |
> |
| 55 |
>Also with these rules there are are request to 0.0.0.0. Also if I have |
| 56 |
>disabled all packet on eth0!!!!!! |
| 57 |
>2) ifconfig eth0 0.0.0.0 -arp |
| 58 |
>Nothings. |
| 59 |
>3) ip link set eth0 arp off |
| 60 |
>Nothings. |
| 61 |
> |
| 62 |
>What can I do? |
| 63 |
> |
| 64 |
>Thanks for your help. |
| 65 |
> |
| 66 |
> |
| 67 |
> |
| 68 |
try using arptables package or take a look on /etc/sysctl.conf for arp |
| 69 |
stuff like: |
| 70 |
net.ipv4.conf.eth0.arp_ignore = |
| 71 |
net.ipv4.conf.eth0.arp_announce = |
| 72 |
net.ipv4.conf.eth0.arp_filter = |
| 73 |
|
| 74 |
it might help you, cheers |
| 75 |
|
| 76 |
-- |
| 77 |
gentoo-admin@g.o mailing list |
Archives