Hello,
Grant Taylor wrote:
> On 08/16/07 00:56, pankaj jain wrote:
>> I have a machine with 3 interfaces
>> eth0: 10.19.0.102 mask (255.255.255.0)
>> eth1: 10.19.1.102 mask (255.255.255.0)
>> eth2: 10.29.51.102 mask (255.255.255.0)
>>
>> all three are connected in the same switch (no vlans configured). I
>> want arp requests to be responded by the associated interface only,
>> and not by other interfaces.
[...]
> Hum. I would not think that you even needed the ARPTables rules to
> prevent the wrong interface from responding to an ARP request for
> another IP.

The default behaviour is to reply on any interface for any local
address. It can be changed on a per-interface basis with the kernel
parameter /proc/sys/net/ipv4/conf/<interface>/arp_ignore. Definitions
and values are in Documentation/networking/ip-sysctl.txt:

arp_ignore - INTEGER
    Define different modes for sending replies in response to
    received ARP requests that resolve local target IP addresses:
    0 - (default): reply for any local target IP address, configured
        on any interface
    1 - reply only if the target IP address is local address
        configured on the incoming interface
    2 - reply only if the target IP address is local address
        configured on the incoming interface and both with the
        sender's IP address are part from same subnet on this interface
    3 - do not reply for local addresses configured with scope host,
        only resolutions for global and link addresses are replied
    4-7 - reserved
    8 - do not reply for all local addresses

    The max value from conf/{all,interface}/arp_ignore is used
    when ARP request is received on the {interface}
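
Added example (not part of the original message or of the kernel documentation): a shell audit that computes the arp_ignore mode actually applied on each interface as the maximum of conf/all and conf/<interface>, as the quoted text describes, and lists the interfaces that would still answer ARP for an address held by another interface. The function names and the CONF_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example: effective arp_ignore per interface, i.e.
# max(conf/all/arp_ignore, conf/<iface>/arp_ignore).
# CONF_ROOT (hypothetical override) lets the logic run on a constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective arp_ignore value for one interface.
effective_arp_ignore() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/arp_ignore") || return 1
    own=$(cat "$CONF_ROOT/$iface/arp_ignore") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Short meaning of each mode, paraphrasing the quoted definitions.
describe_mode() {
    case "$1" in
        0) echo "replies for any local address, on any interface" ;;
        1) echo "replies only for addresses on the receiving interface" ;;
        2) echo "as 1, and sender must share the subnet on that interface" ;;
        3) echo "no reply for scope-host addresses" ;;
        8) echo "never replies for local addresses" ;;
        *) echo "reserved value" ;;
    esac
}

# One line per interface: name, effective mode, meaning.
# "all" and "default" are settings templates, not interfaces, so skip them.
audit_arp_ignore() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_arp_ignore "$iface") || continue
        echo "$iface $mode $(describe_mode "$mode")"
    done
}

# Interfaces that still answer ARP for addresses held by other interfaces:
# modes 0 and 3 put no restriction on the receiving interface.
cross_answering_ifaces() {
    audit_arp_ignore | awk '$2 == 0 || $2 == 3 { print $1 }'
}

# Run the audit against the live system when invoked with --audit.
if [ "${1:-}" = "--audit" ]; then audit_arp_ignore; fi
```

An interface reported by cross_answering_ifaces can be restricted with, for example, sysctl -w net.ipv4.conf.eth0.arp_ignore=1 (interface name taken from the question).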