On 8/16/07, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 08/16/07 10:07, Pascal Hambourg wrote:
> > The default behaviour is to reply on any interface for any local
> > address. It can be changed on a per-interface basis with the kernel
> > parameter /proc/sys/net/ipv4/conf/<interface>/arp_ignore. Definitions
> > and values are in Documentation/networking/ip-sysctl.txt :
>
> Ok, so this can be set up, it is just something that has to be turned on
> via /proc.
>
> > arp_ignore - INTEGER
> >     Define different modes for sending replies in response to
> >     received ARP requests that resolve local target IP addresses:
> >     0 - (default): reply for any local target IP address, configured
> >         on any interface
> >     1 - reply only if the target IP address is local address
> >         configured on the incoming interface
> >     2 - reply only if the target IP address is local address
> >         configured on the incoming interface and both with the
> >         sender's IP address are part from same subnet on this interface
> >     3 - do not reply for local addresses configured with scope host,
> >         only resolutions for global and link addresses are replied
> >     4-7 - reserved
> >     8 - do not reply for all local addresses
> >
> >     The max value from conf/{all,interface}/arp_ignore is used
> >     when ARP request is received on the {interface}
>
> If I understand the OP and what you have provided here correctly I
> believe the OP would simply want to issue the following commands:
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
> echo 1 > /proc/sys/net/ipv4/conf/eth1/arp_ignore
> echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_ignore
>
> This should configure the interfaces to only respond to ARP requests for
> their own IP address(s) (not other interfaces IP address(s)) correct?
>
> Thus the kernel would take care of what the OP is wanting to do and
> there would be no need for ARP / IPTables, correct?
>
> So I can correctly update my references, where did you copy and paste
> that documentation from?
>
>
>
> Grant. . . .
>

Do these rules apply for logical interfaces also? Because in my actual
case I would be having 127.x.x.x IPs on my physical interfaces and
actual IPs on logical interfaces. For example:

eth0   - 127.2.3.4
eth0:0 - 10.19.0.102

Is there any command which can turn on these flags permanently such that
I don't have to do it on every reboot of the machine?

--
Thanks
Pankaj Jain
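
Added example, not part of the original thread: a shell check for the "max value" rule in the quoted ip-sysctl.txt text, reporting the arp_ignore mode each interface actually uses and which interfaces still reply for any local address. The CONF_ROOT variable and both function names are assumptions of this example.

```shell
#!/bin/sh
# Report the effective arp_ignore mode per interface.
# Per the quoted documentation, the kernel uses the larger of
# conf/all/arp_ignore and conf/<interface>/arp_ignore, so a value
# written to one interface can be overridden by a higher value in "all".

# CONF_ROOT is an assumption of this example so the functions can be
# pointed at a test tree; on a real system it is the /proc path below.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print max(all, <iface>) for one interface; return 1 if unreadable.
effective_arp_ignore() {
    iface="$1"
    all_val=$(cat "$CONF_ROOT/all/arp_ignore" 2>/dev/null) || return 1
    if_val=$(cat "$CONF_ROOT/$iface/arp_ignore" 2>/dev/null) || return 1
    if [ "$if_val" -gt "$all_val" ]; then
        echo "$if_val"
    else
        echo "$all_val"
    fi
}

# Print every interface whose effective mode is 0, i.e. one that still
# answers ARP requests for local addresses configured on other interfaces.
interfaces_replying_for_any_address() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are settings templates, not interfaces.
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_arp_ignore "$iface") || continue
        [ "$mode" -eq 0 ] && echo "$iface"
    done
    return 0
}

# Stand-alone run: list the interfaces still in the default mode.
interfaces_replying_for_any_address
```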