Thanks for information,
PS: Is vlan+vconfig right solution to reject arp requests ? On 12:00 Thu 23 Oct , Daniel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > eth0 Link encap:Ethernet > > HWaddr 00:02:B3:50:88:D3 inet addr:5.5.5.98 Bcast:5.5.5.255 > > inet addr:5.5.5.98 Bcast:5.5.5.255 Mask:255.255.255.0 > > Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > eth1 Link encap:Ethernet HWaddr 00:02:B3:50:88:D4 inet addr:192.168.1.12 > > Bcast:192.168.1.63 Mask:255.255.255.192 UP BROADCAST RUNNING MULTICAST > > MTU:1500 Metric:1 > > > route: > > 192.168.1.17 * 255.255.255.255 UH 0 0 0 eth1 > > 192.168.1.16 * 255.255.255.255 UH 0 0 0 eth1 > > 192.168.1.19 * 255.255.255.255 UH 0 0 0 eth1 > > 5.5.5.0 * 255.255.255.0 U 0 0 0 eth0 > > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > > default 5.5.5.1 0.0.0.0 UG 0 0 0 eth0 > > > > notice there is no route for 192.168.1.12:255.255.255.192 though eth1 > > The 192.168.1.17,192.168.1.16,192.168.1.19 are the only routes through eth1. > There should be a 192.168.1.12 /255.255.255.192 route there too. > > > gateway 5.5.5.1 (Cisco router) > > there is a computer in 5.5.5.0 > > > > eth0 Link encap:Ethernet HWaddr 00:D0:B7:72:EC:0B > > inet addr:5.5.5.138 Bcast:5.5.5.255 Mask:255.255.255.0 > > UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 > > > > route: > > 5.5.5.0 * 255.255.255.0 U 0 0 0 eth0 > > loopback localhost 255.0.0.0 UG 0 0 0 lo > > default 5.5.5.1 0.0.0.0 UG 0 0 0 eth0 > > > > Question: Why pinging 192.168.1.12 from 5.5.5.138 is Ok ? > > maybe this needs to be in the routing table. Its a bit weird that it isn't > already. > > > Is it right to allow any ip on computer over any device ? > > yes - there is a routerfilter(?) kernel option that will eliminate spoofed > packed coming in on incorrect interfaces. If this isn't enabled any ip over > any interface is allowed (although how it is handled is another story). > > Daniel > - -- > Proudly a Gentoo User. > GnuPG/PGP signed and encrypted email preferred > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x32A64DC8 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQE/lz09TDSbtjKmTcgRAu/+AKC3BVf1A8CoPtCGLY7z103oyPVkJwCdH4/w > HDVeQCaIxJKGaNBX5huvltM= > =KDWu > -----END PGP SIGNATURE----- > > > -- > [EMAIL PROTECTED] mailing list > > -- Gentoo Linux http://www.gentoo.org -- [EMAIL PROTECTED] mailing list