Hi Varun,

Thanks a lot for the reply. That's what I was looking for.

----- Original Message -----
From: "Varun Varma" <varun@xxxxxxxxxx>
To: "Marco Berizzi" <pupilla@xxxxxxxxxxx>
Cc: <lartc@xxxxxxxxxxxxxxx>
Sent: Monday, May 12, 2003 1:10 PM
Subject: Re: [LARTC] shared_media

> Dear Marco,
>
> Linux, in the 2.4 kernels, has this default behaviour. The ARP reply for
> an IP goes from any interface on the system, not just the one on which
> the IP is configured.
>
> You can change this behaviour by setting:
>
> /proc/sys/net/ipv4/conf/all/arp_filter = 1
>
> Or, if you want to control this for just one interface:
>
> /proc/sys/net/ipv4/conf/<interface name, e.g. eth0>/arp_filter = 1
>
> As an aside, I would also recommend setting up different VLANs, if your
> switch supports them. That way you can get different "logical" switches.
>
> Regards,
> -Varun
>
> Marco Berizzi wrote:
> > Hello everybody.
> >
> > I have a problem with my firewall rules on my Slackware Linux box 9.0
> > (kernel 2.4.20-xfs).
> > This system is configured with 3 NICs (one for the router, one for the
> > DMZ, and the other for the private net).
> > I have written a firewall (iptables) that is processing packets based
> > also on the incoming interface.
> > This firewall is connected in a not good environment where all the NICs
> > (and the router) are connected to the same switch (don't ask me why).
> > Here is the problem: an incoming packet from the private net sometimes
> > is caught by the priv NIC, sometimes is caught by the DMZ NIC and
> > sometimes is caught by the router NIC. This happens (I think) because when
> > a client (windoze) sends an ARP request with the priv NIC IP, Linux
> > replies with the MAC address from any of the 3 NICs and not only with the
> > MAC from the priv NIC.
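As an added illustration (not a script from the thread or from LARTC), the sysctl knobs Varun names can be audited and tightened from a small POSIX shell script. It assumes the kernel's documented rule that arp_filter is in effect for an interface when either conf/all/arp_filter or conf/<iface>/arp_filter is 1, and it reads the tree under an assumed SYSCTL_ROOT variable (default /proc/sys) so the same functions can be checked against a constructed directory tree.

```shell
#!/bin/sh
# Audit/enable arp_filter on a multi-homed Linux host whose NICs share one
# switch (the situation in the thread). Added example, not from the thread.
# SYSCTL_ROOT (assumed name) lets the functions run against a test tree.

# Raw value of arp_filter for one interface name (or "all"); fails if absent.
arp_filter_get() {
    f="${SYSCTL_ROOT:-/proc/sys}/net/ipv4/conf/$1/arp_filter"
    [ -r "$f" ] || return 1
    cat "$f"
}

# Effective state: the kernel enables arp_filter for an interface when
# conf/all/arp_filter OR conf/<iface>/arp_filter is 1.
arp_filter_effective() {
    if [ "$(arp_filter_get all 2>/dev/null)" = "1" ]; then
        return 0
    fi
    [ "$(arp_filter_get "$1" 2>/dev/null)" = "1" ]
}

# Print every real interface that will still answer ARP for any local IP
# on any NIC, i.e. the interfaces that can cause the cross-NIC replies
# described in the thread.
arp_filter_audit() {
    for d in "${SYSCTL_ROOT:-/proc/sys}"/net/ipv4/conf/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default|lo) continue ;; esac
        arp_filter_effective "$iface" || echo "$iface"
    done
}

# Enable arp_filter for one interface (or "all"). Needs write access to the
# tree, which on a live host means root. Fails if the node is not writable.
arp_filter_set() {
    f="${SYSCTL_ROOT:-/proc/sys}/net/ipv4/conf/$1/arp_filter"
    [ -w "$f" ] || return 1
    echo 1 > "$f"
}

# Usage on a real host:  sh this_script.sh audit
if [ "${1:-}" = "audit" ]; then
    arp_filter_audit
fi
```

Values written to /proc/sys do not survive a reboot; on a real host the same settings also belong in /etc/sysctl.conf as net.ipv4.conf.all.arp_filter = 1 (or the per-interface key).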