On Mon, Aug 18, 2003 at 12:01:39AM -0700, David S. Miller wrote: > On Mon, 18 Aug 2003 08:56:52 +0200 > Willy Tarreau <willy@w.ods.org> wrote: > > > But I'm willing to try arpfilter if you show me where to start from. > > There are tools at: > > http://ebtables.sourceforge.net/ Thanks, I've downloaded them and will take a look at them. By the time, I did some random tests with 'ip arp', and found a simple way to solve the problem I reported initially. This can be of interest to others BTW : Trivial example below : My host wants to use address 10.0.0.1 to talk to the world, but through the gateway 11.0.0.2 reachable from 11.0.0.1 : ip address add 10.0.0.1/24 dev eth0 ip address add 11.0.0.1/24 dev eth0 ip route add default via 11.0.0.2 src 10.0.0.1 => same as before till this ip arp append table output to 11.0.0.0/24 oif eth0 src 11.0.0.1 => now it will use 11.0.0.1 to find its gateway (11.0.0.2) So as a general rule of thumb, I would recommend people to systematically call "ip arp append table output to [network] oif [NIC] src [local_ip]" after an "ip address add [local_ip] dev [NIC]". And yes, I agree that these are standard tools, but I maintain that the default behaviour should be cleaner. I also found that I can filter incoming requests easily with "table input" : ip arp append table input deny ip arp add table input allow from 11.0.0.0/24 to 11.0.0.0/24 iif eth0 ip arp add table input allow from 10.0.0.0/24 to 10.0.0.0/24 iif eth0 I don't understand how the forward table is used, BTW, but I'll search a bit more. If I finally understand how all this works, I may propose a simple how-to to put under Documentation/networking/arp.txt so solve most common problems. Cheers, Willy - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
