Gentoo Archives: gentoo-admin

From: geaaru <geaaru@×××××.com>
To: gentoo-admin@l.g.o
Subject: Re: Re: [gentoo-admin] As can I disable arp reply
Date: Tue, 08 Nov 2005 11:24:07
Message-Id: 1131453254.12465.21.camel@localhost
In Reply to: Re: [gentoo-admin] As can I disable arp reply by Adolfo Castro Menna

Maybe there is a problem with xen:

  testing_xen ~ # mii-tool
  SIOCGMIIPHY on 'eth0' failed: Operation not supported
  eth1: negotiated 100baseTx-FD flow-control, link ok
  testing_xen ~ # ethtool eth0
  Settings for eth0:
      No data available

With mii-tool I can't read eth0, while if I unload the module of eth0 and
then reload the e1000 module there is a new interface eth2 that mii-tool sees
correctly, while eth0 always has the same error message. I don't know! :?:

Another anomaly of this system is that if I watch the traffic with
ethereal from a client I see the arp request, while from ethereal on the
server I can't see the arp request!

> geaaru wrote:
>
> >Thanks for your replies.
> >I have a problem with an ethernet interface:
> >On the eth0 interface I use freeradius and a pppoe server and eth0
> >doesn't have an IP address.
> >eth0 Link encap:Ethernet HWaddr 00:0x:xx:xx:xx:xx
> >     inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link
> >     UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
> >     RX packets:4136 errors:0 dropped:0 overruns:0 frame:0
> >     TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0
> >     collisions:0 txqueuelen:0
> >     RX bytes:388327 (379.2 Kb) TX bytes:956494 (934.0 Kb)
> >
> >However with ethereal I see that this interface sends an arp-request like
> >this
> >Who has Gratuitous ARP.
> >
> >How can I disable these arp requests?
> >PRE: I'm under XEN SO but eth0 is on dom-0 and the MAC of the request is eth0
> >not eth0 on dom-2. kernel and eth0 is
> >eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
> >
> >I tried different solutions:
> >1) With ebtables:
> >$EBTABLES -P INPUT DROP
> >$EBTABLES -P OUTPUT DROP
> >$EBTABLES -P FORWARD DROP
> >for i in $OTHER_IFACE
> >  do
> >    echo -n "Enable $i interface..."
> >    $EBTABLES -A INPUT -i $i -p arp -j ACCEPT
> >    $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT
> >    $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT
> >    $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT
> >    $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT
> >    echo "done."
> >  done;
> >
> ># Rules for adsl clients interface
> >$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT
> >$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT
> >
> >Also with these rules there are requests to Also if I have
> >disabled all packets on eth0!!!!!!
> >2) ifconfig eth0 -arp
> >Nothing.
> >3) ip link set eth0 arp off
> >Nothing.
> >
> >What can I do?
> >
> >Thanks for your help.
> >
> >
> >
> try using the arptables package or take a look at /etc/sysctl.conf for arp
> stuff like:
> net.ipv4.conf.eth0.arp_ignore =
> net.ipv4.conf.eth0.arp_announce =
> net.ipv4.conf.eth0.arp_filter =
>
> it might help you, cheers
>
-- gentoo-admin@g.o mailing list