Jim,

I must be uncommonly dense, because I still haven't a clue what you are
trying to do.  I'll take one last stab at it, though.

 : host0
 : 192.168.253.1----snoopy(eth0 192.168.253.254)
 :
 : Now ping 192.168.253.2 and get snoopy to respond.  This can be done
 : with netfilter (but not, apparently with ip).

Accurate, as far as I know.

 : iptables -A PREROUTING -t nat -p icmp -d 192.168.253.2 -j DNAT --to 192.168.253.254

Sure.

 : /sbin/arp -i eth0 -Ds 192.168.253.2 eth0 pub
 : gets you a "host unreachable" from 192.168.253.1

Have you tried this?

  arp -s 192.168.253.2 -i eth0 -D eth0 pub

Sadly, /sbin/arp (at least on my test boxen) seems to be persnickety about
the order of arguments and options.

 : BUT if on host0 you:
 : /sbin/arp -s 192.168.253.2  HWADDR
 :
 : then ping goes through.
 : Help from ARP experts (or others!) much appreciated.

If you really wish to get your hands dirty with ARP, you can always have
ultimate control with "ip arp", a kernel + iproute2 patch.

  http://www.ssi.bg/~ja/#iparp

Bonne chance,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Reply via email to