Re: [2.4 PATCH] bugfix: ARP respond on all devices
From: Willy Tarreau
Date: Mon Aug 18 2003 - 02:40:50 EST
On Mon, Aug 18, 2003 at 12:01:39AM -0700, David S. Miller wrote:
> On Mon, 18 Aug 2003 08:56:52 +0200
> Willy Tarreau <willy@xxxxxxxxx> wrote:
>
> > But I'm willing to try arpfilter if you show me where to start from.
>
> There are tools at:
>
> http://ebtables.sourceforge.net/
Thanks, I've downloaded them and will take a look at them. By the time, I did
some random tests with 'ip arp', and found a simple way to solve the problem
I reported initially. This can be of interest to others BTW :
Trivial example below :
My host wants to use address 10.0.0.1 to talk to the world, but through
the gateway 11.0.0.2 reachable from 11.0.0.1 :
ip address add 10.0.0.1/24 dev eth0
ip address add 11.0.0.1/24 dev eth0
ip route add default via 11.0.0.2 src 10.0.0.1
=> same as before till this
ip arp append table output to 11.0.0.0/24 oif eth0 src 11.0.0.1
=> now it will use 11.0.0.1 to find its gateway (11.0.0.2)
So as a general rule of thumb, I would recommend people to systematically call
"ip arp append table output to [network] oif [NIC] src [local_ip]" after an
"ip address add [local_ip] dev [NIC]". And yes, I agree that these are standard
tools, but I maintain that the default behaviour should be cleaner.
I also found that I can filter incoming requests easily with "table input" :
ip arp append table input deny
ip arp add table input allow from 11.0.0.0/24 to 11.0.0.0/24 iif eth0
ip arp add table input allow from 10.0.0.0/24 to 10.0.0.0/24 iif eth0
I don't understand how the forward table is used, BTW, but I'll search a bit
more. If I finally understand how all this works, I may propose a simple how-to
to put under Documentation/networking/arp.txt so solve most common problems.
Cheers,
Willy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/