Jim, I must be uncommonly dense, because I still haven't a clue what you are trying to do. I'll take one last stab at it, though. : host0 : 192.168.253.1----snoopy(eth0 192.168.253.254) : : Now ping 192.168.253.2 and get snoopy to respond. This can be done : with netfilter (but not, apparently with ip). Accurate, as far as I know. : iptables -A PREROUTING -t nat -p icmp -d 192.168.253.2 -j DNAT --to 192.168.253.254 Sure. : /sbin/arp -i eth0 -Ds 192.168.253.2 eth0 pub : gets you a "host unreachable" from 192.168.253.1 Have you tried this? arp -s 192.168.253.2 -i eth0 -D eth0 pub Sadly, /sbin/arp (at least on my test boxen) seems to be persnickety about the order of arguments and options. : BUT if on host0 you: : /sbin/arp -s 192.168.253.2 HWADDR : : then ping goes through. : Help from ARP experts (or others!) much appreciated. If you really wish to get your hands dirty with ARP, you can always have ultimate control with "ip arp", a kernel + iproute2 patch. http://www.ssi.bg/~ja/#iparp Bonne chance, -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
