On 8/16/07, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 08/16/07 10:07, Pascal Hambourg wrote:
> > The default behaviour is to reply on any interface for any local
> > address. It can be changed on a per-interface basis with the kernel
> > parameter /proc/sys/net/ipv4/conf/<interface>/arp_ignore. Definitions
> > and values are in Documentation/networking/ip-sysctl.txt :
>
> Ok, so this can be set up, it is just something that has to be turned on
> via /proc.
>
> > arp_ignore - INTEGER
> > Define different modes for sending replies in response to
> > received ARP requests that resolve local target IP addresses:
> > 0 - (default): reply for any local target IP address, configured
> > on any interface
> > 1 - reply only if the target IP address is local address
> > configured on the incoming interface
> > 2 - reply only if the target IP address is local address
> > configured on the incoming interface and both with the
> > sender's IP address are part from same subnet on this interface
> > 3 - do not reply for local addresses configured with scope host,
> > only resolutions for global and link addresses are replied
> > 4-7 - reserved
> > 8 - do not reply for all local addresses
> >
> > The max value from conf/{all,interface}/arp_ignore is used
> > when ARP request is received on the {interface}
>
> If I understand the OP and what you have provided here correctly I
> believe the OP would simply want to issue the following commands:
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
> echo 1 > /proc/sys/net/ipv4/conf/eth1/arp_ignore
> echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_ignore
>
> This should configure the interfaces to only respond to ARP requests for
> their own IP address(s) (not other interfaces IP address(s)) correct?
>
> Thus the kernel would take care of what the OP is wanting to do and the
> there would be no need for ARP / IPTables, correct?
>
> So I can correctly update my references, where did you copy and past
> that documentation from?
>
>
>
> Grant. . . .
>
>
do these rules apply for logical interfaces also?
because in my actual case I would be having 127.x.x.x ips on my
physical interfaces and actual ips on logical interfaces. for example:
eth0 - 127.2.3.4
eth0:0 - 10.19.0.102
is there any command which can turn on these flags permanently such
that I dont have to do it on every reboot of the machine?
--
Thanks
Pankaj Jain
