> On Tue, Jan 23, 2001 at 01:50:27AM +0100, Bernd Eckenfels wrote:
> > Another option is to ifconfig -arp the eth0 interface. I browsed through t
> he
> > IPv4 code and did not find any other goto out which can be configured besi
> des
> > the input FIB, which messing with is a bad thing since it wont accept the
> > packet at all.
> >
> > so ifconfig -arp is the only option i could find which will help you. You
> need
> > to hardcode the arp entries for the real ip's of those web servers to reac
> h
> > them.
>
> -arp means that the kernel will not put in link layer to the packets.
> It's probably not what you want. Yes the option is misnamed.
>
> 2.2 has arpfilter, which will hopefully end up in 2.4 soon too. Here is a
> patch. It allows to filter ARP replies based on the routing table.
>
>
> -Andi
Thanks for the patches. I patched the kernel and tried it and it
still is reponding to arps even after I issued:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_filter
I do not know what the hidden interface did exactly and I am still
unsure why it no longer shows up in the 2.4.0 kernel.
Here is a clip from the TurboLinux ClusterServer manual that explains
how to turn off the arping. Maybe it will clear up what I am trying to
accomplish:
Next you have to turn off ARP replies on the interface. How you
accomplish that depends upon which Linux kernel version you are using.
On UNIX systems and Linux 2.0 kernels, you can supply the -arp option
to the ifconfig command when you bring up the interface. (Note that
some UNIX and Linux systems may use a slightly different syntax, such
as using noarp instead of -arp.) So in our example, we would use this
command to configure the interface:
# ifconfig lo:1 10.0.0.99 netmask 255.255.255.255 -arp
Unfortunately, this method does not work in any Linux kernels more
recent than the 2.0 series. For systems running kernel 2.2.14 and higher
the -arp option does not work. Instead, you will have to use the /proc
filesystem to turn off ARP replies. To do this, echo a 1 to the hidden
file in /proc/sys/net/ipv4/conf/all and the hidden file for the
interface you are using. Here is an example that will turn off ARP
replies on the loopback interface:
# echo 1 > /proc/sys/net/ipv4/conf/all/hidden
# echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
Is there something that the arp_filter can do that will mirror this
functionality? The modification that you made to the documentation
was pretty straight forward in that the arp_filter was BOOLEAN, so
I think I implemented it right.
Any other ideas?
Thanks for your help.
Pete
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/