Gentoo Archives: gentoo-user-ru

From: "Andrew A. Sabitov" <sabitov@×××××××××.ru>
To: gentoo-user-ru@l.g.o
Subject: Re: [gentoo-user-ru] Pings don't go through on the LAN. Who is to blame and what to do???
Date: Thu, 04 Jun 2015 08:58:00
Message-Id: 5570130E.3070405@catalysis.ru
In Reply to: Re: [gentoo-user-ru] Pings don't go through on the LAN. Who is to blame and what to do??? by Alex Efros
On 04.06.2015 14:55, Alex Efros wrote:
> Hi!
>
> On Thu, Jun 04, 2015 at 01:39:57PM +0600, Andrew A. Sabitov wrote:
>> Colleagues, who can reveal the secret: what, at least in theory, can kill
>> packets _before_ iptables???
> The kernel, of course. It has packet filters too; for example, the source
> route checks behave… rather strangely in complex configurations. I prefer to
> disable them and implement anti-spoofing protection by hand in iptables.
>
> Also, in hardened the kernel's default settings for source route
> changed recently (https://bugs.gentoo.org/show_bug.cgi?id=534132),
> so I would recommend explicitly setting in /etc/sysctl.conf:
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.all.rp_filter = 0
> and rebooting (or setting this 0 by hand in /proc or via sysctl for
> all interfaces in addition to default and all).
>

Already did that long ago :(

~ # sysctl -a | grep rp_fil
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0/0007.arp_filter = 0
net.ipv4.conf.eth0/0007.rp_filter = 0
net.ipv4.conf.eth0/0008.arp_filter = 0
net.ipv4.conf.eth0/0008.rp_filter = 0
net.ipv4.conf.eth0/0016.arp_filter = 0
net.ipv4.conf.eth0/0016.rp_filter = 0
net.ipv4.conf.eth0/0017.arp_filter = 0
net.ipv4.conf.eth0/0017.rp_filter = 0
net.ipv4.conf.eth0/0018.arp_filter = 0
net.ipv4.conf.eth0/0018.rp_filter = 0
net.ipv4.conf.eth0/0019.arp_filter = 0
net.ipv4.conf.eth0/0019.rp_filter = 0
net.ipv4.conf.eth0/0021.arp_filter = 0
net.ipv4.conf.eth0/0021.rp_filter = 0
net.ipv4.conf.eth0/0032.arp_filter = 0
net.ipv4.conf.eth0/0032.rp_filter = 0
net.ipv4.conf.eth0/0040.arp_filter = 0
net.ipv4.conf.eth0/0040.rp_filter = 0
net.ipv4.conf.eth0/0130.arp_filter = 0
net.ipv4.conf.eth0/0130.rp_filter = 0
net.ipv4.conf.eth0/0131.arp_filter = 0
net.ipv4.conf.eth0/0131.rp_filter = 0
net.ipv4.conf.eth0/0132.arp_filter = 0
net.ipv4.conf.eth0/0132.rp_filter = 0
net.ipv4.conf.eth0/0133.arp_filter = 0
net.ipv4.conf.eth0/0133.rp_filter = 0
net.ipv4.conf.eth0/0134.arp_filter = 0
net.ipv4.conf.eth0/0134.rp_filter = 0
net.ipv4.conf.eth0/0135.arp_filter = 0
net.ipv4.conf.eth0/0135.rp_filter = 0
net.ipv4.conf.eth0/0141.arp_filter = 0
net.ipv4.conf.eth0/0141.rp_filter = 0
net.ipv4.conf.eth0/0144.arp_filter = 0
net.ipv4.conf.eth0/0144.rp_filter = 0
net.ipv4.conf.eth0/0150.arp_filter = 0
net.ipv4.conf.eth0/0150.rp_filter = 0
net.ipv4.conf.eth0/0151.arp_filter = 0
net.ipv4.conf.eth0/0151.rp_filter = 0
net.ipv4.conf.eth0/0152.arp_filter = 0
net.ipv4.conf.eth0/0152.rp_filter = 0
net.ipv4.conf.eth0/0153.arp_filter = 0
net.ipv4.conf.eth0/0153.rp_filter = 0
net.ipv4.conf.eth0/0154.arp_filter = 0
net.ipv4.conf.eth0/0154.rp_filter = 0
net.ipv4.conf.eth0/0155.arp_filter = 0
net.ipv4.conf.eth0/0155.rp_filter = 0
net.ipv4.conf.eth0/0156.arp_filter = 0
net.ipv4.conf.eth0/0156.rp_filter = 0
net.ipv4.conf.eth0/0157.arp_filter = 0
net.ipv4.conf.eth0/0157.rp_filter = 0
net.ipv4.conf.eth0/0158.arp_filter = 0
net.ipv4.conf.eth0/0158.rp_filter = 0
net.ipv4.conf.eth0/0161.arp_filter = 0
net.ipv4.conf.eth0/0161.rp_filter = 0
net.ipv4.conf.eth0/0162.arp_filter = 0
net.ipv4.conf.eth0/0162.rp_filter = 0
net.ipv4.conf.eth0/0181.arp_filter = 0
net.ipv4.conf.eth0/0181.rp_filter = 0
net.ipv4.conf.eth0/0182.arp_filter = 0
net.ipv4.conf.eth0/0182.rp_filter = 0
net.ipv4.conf.eth0/0183.arp_filter = 0
net.ipv4.conf.eth0/0183.rp_filter = 0
net.ipv4.conf.eth0/0184.arp_filter = 0
net.ipv4.conf.eth0/0184.rp_filter = 0
net.ipv4.conf.eth0/0201.arp_filter = 0
net.ipv4.conf.eth0/0201.rp_filter = 0
net.ipv4.conf.eth0/0202.arp_filter = 0
net.ipv4.conf.eth0/0202.rp_filter = 0
net.ipv4.conf.eth0/0203.arp_filter = 0
net.ipv4.conf.eth0/0203.rp_filter = 0
net.ipv4.conf.eth0/0221.arp_filter = 0
net.ipv4.conf.eth0/0221.rp_filter = 0
net.ipv4.conf.eth0/0224.arp_filter = 0
net.ipv4.conf.eth0/0224.rp_filter = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
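
Added example, not part of the original message: a shell filter that reads `sysctl -a`-style output like the listing above and reports the effective rp_filter per interface. The kernel applies the maximum of conf/all and conf/<interface>, so a per-interface 0 has no effect while `all` is non-zero. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the same format as the listing above.
SAMPLE='net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0/0007.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0'

# Read sysctl lines on stdin, print "<interface> <effective rp_filter>".
effective_rp_filter() {
    awk -F' *= *' '
        # Only ".rp_filter" keys: "grep rp_fil" also matches arp_filter,
        # which is an unrelated ARP setting.
        $1 ~ /^net\.ipv4\.conf\..*\.rp_filter$/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            # sysctl prints a dot inside an interface name as a slash,
            # so eth0/0007 is turned back into eth0.0007.
            gsub(/\//, ".", name)
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (n in val) {
                # "all" is the global knob; "default" is only a template
                # for interfaces created later. Neither is an interface.
                if (n == "all" || n == "default") continue
                # Source validation uses max(conf/all, conf/<interface>).
                eff = (val[n] > all) ? val[n] : all
                print n, eff
            }
        }
    ' | LC_ALL=C sort
}

# Interfaces where reverse-path validation is still active
# (1 = strict, 2 = loose); no output means it is off everywhere.
rp_filter_active() {
    effective_rp_filter | awk '$2 != 0 { print $1 "=" $2 }'
}

# On a live system: sysctl -a 2>/dev/null | rp_filter_active
printf '%s\n' "$SAMPLE" | rp_filter_active
```

Empty output on a listing such as the one in this message means reverse-path filtering is disabled on every interface.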
