Hello,
I think I found a bug, or if not it's something I wish to stop happening
with my linux machines, and was hopeing someone might be able to help me out
on either an explanation or a fix. I have 2 linux machines, and a router.
Box A has 1 nic, box B has 2 nics. Box A has an ip address of 192.168.2.1
for eth0. Box B has a 192.168.2.2 for eth0 and 192.168.3.1 for eth1.
ip_forwarding is not enabled on box B. Box B has seperate switches for each
nic card that are not uplinked/attached, and there are other machines on the
192.168.3.0/24 network. The router has an Ip address of 192.168.2.3 and
that is the default gateway for both box A and box B, and the router is not
attached to 192.168.3.0/24 at all. Box A has no static route to the
192.168.3.1 . If I log into box A and use "/sbin/arping -I eth0
192.168.3.1" I get the following response:
ARPING 192.168.3.1 from 192.168.2.1 eth0
Unicast reply from 192.168.3.1 [00:E0:81:03:42:B9] 0.671ms
Unicast reply from 192.168.3.1 [00:E0:81:03:42:B9] 0.626ms
Unicast reply from 192.168.3.1 [00:E0:81:03:42:B9] 0.621ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)
The MAC address listed is the mac addess of eth0 of box B. It seems like
someone could use arping to do local network discovery of attached
multi-homed networks... Ultimatly I would like to stop box B from replying
that it has 192.168.3.1, to keep my attached private networks from being
discovered. I've tried enableing the following in sysctl with no avail :
net.ipv4.conf.eth1.arp_filter
net.ipv4.conf.eth1.proxy_arp
net.ipv4.conf.eth0.arp_filter
net.ipv4.conf.eth0.proxy_arp
net.ipv4.conf.lo.arp_filter
net.ipv4.conf.lo.proxy_arp
net.ipv4.conf.default.arp_filter
net.ipv4.conf.default.proxy_arp
net.ipv4.conf.all.arp_filter
net.ipv4.conf.all.proxy_arp
If anyone can help me out I would greatly appreciate it.
Justin Booth
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
