[gentoo-admin] As can I disable arp reply - gentoo-admin

From:	geaaru <geaaru@×××××.com>
To:	gentoo-admin@l.g.o
Subject:	[gentoo-admin] As can I disable arp reply
Date:	Mon, 07 Nov 2005 16:40:12
Message-Id:	`1131385767.6594.7.camel@localhost`

1

Thanks for your replies.

2

I have a problem with ethernet interface:

3

On eth0 interface I use freeradius and a pppoe server and eth0 haven't

4

ip addres.

5

eth0    Link encap:Ethernet  HWaddr 00:0x:xx:xx:xx:xx 

6

          inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link 

7

          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1 

8

          RX packets:4136 errors:0 dropped:0 overruns:0 frame:0 

9

          TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0 

10

          collisions:0 txqueuelen:0 

11

          RX bytes:388327 (379.2 Kb)  TX bytes:956494 (934.0 Kb)

12

13

However with ethereal I see that this interface send a arp-request like

14

this 

15

Who has 0.0.0.0? Gratiutous ARP. 

16

17

As can I disable these arp request. 

18

PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0

19

not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is

20

eth0: e1000_probe: Intel(R) PRO/1000 Network Connection

21

22

I try different solutions: 

23

1) With ebtables:

24

$EBTABLES -P INPUT DROP 

25

$EBTABLES -P OUTPUT DROP 

26

$EBTABLES -P FORWARD DROP 

27

for i in $OTHER_IFACE 

28

do

29

        echo -n "Enable $i interface..." 

30

        $EBTABLES -A INPUT -i $i -p arp -j ACCEPT 

31

        $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT 

32

        $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT 

33

        $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT 

34

        $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT 

35

        $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT 

36

        $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT 

37

        $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT 

38

        $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT 

39

        $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT 

40

        $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT 

41

        $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT 

42

        echo "done." 

43

        done; 

44

45

# Rules for adsl clients interface 

46

$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT 

47

$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT 

48

$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT 

49

$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT 

50

$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT 

51

$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT

52

53

Also with these rules there are are request to 0.0.0.0. Also if I have

54

disabled all packet on eth0!!!!!! 

55

2) ifconfig eth0 0.0.0.0 -arp 

56

Nothings. 

57

3) ip link set eth0 arp off 

58

Nothings. 

59

60

What can I do? 

61

62

Thanks for your help.

63

64

--

65

gentoo-admin@g.o mailing list

Gentoo Archives: gentoo-admin

Replies

1	Thanks for your replies.
2	I have a problem with ethernet interface:
3	On eth0 interface I use freeradius and a pppoe server and eth0 haven't
4	ip addres.
5	eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx
6	inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link
7	UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
8	RX packets:4136 errors:0 dropped:0 overruns:0 frame:0
9	TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0
10	collisions:0 txqueuelen:0
11	RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb)
12
13	However with ethereal I see that this interface send a arp-request like
14	this
15	Who has 0.0.0.0? Gratiutous ARP.
16
17	As can I disable these arp request.
18	PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0
19	not eth0 on dom-2. kernel 2.6.12.5-r1 and eth0 is
20	eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
21
22	I try different solutions:
23	1) With ebtables:
24	$EBTABLES -P INPUT DROP
25	$EBTABLES -P OUTPUT DROP
26	$EBTABLES -P FORWARD DROP
27	for i in $OTHER_IFACE
28	do
29	echo -n "Enable $i interface..."
30	$EBTABLES -A INPUT -i $i -p arp -j ACCEPT
31	$EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT
32	$EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT
33	$EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT
34	$EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT
35	$EBTABLES -A FORWARD -o $i -p arp -j ACCEPT
36	$EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT
37	$EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT
38	$EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT
39	$EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT
40	$EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT
41	$EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT
42	echo "done."
43	done;
44
45	# Rules for adsl clients interface
46	$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT
47	$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
48	$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT
49	$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT
50	$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT
51	$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
52
53	Also with these rules there are are request to 0.0.0.0. Also if I have
54	disabled all packet on eth0!!!!!!
55	2) ifconfig eth0 0.0.0.0 -arp
56	Nothings.
57	3) ip link set eth0 arp off
58	Nothings.
59
60	What can I do?
61
62	Thanks for your help.
63
64	--
65	gentoo-admin@g.o mailing list