BAMM!

That's exactly what I was looking for. I'll have to give that a try and
see if the behavior is as expected, but the way you describe it, that's
exactly what I was looking for.

I'm really surprised that this isn't an issue that has come up before,
especially since security is involved.

I am very grateful for your reply.

Pascal Hambourg wrote:
> Hello,
>
> Jesse Molina wrote:
>> To restate my question: What alternative ways are there to make the
>> GNU/Linux system reply to ARP requests for an IP, without that IP
>> being an actual interface on the host, or that interface must not be
>> used by local services *in any way*, for the reasons of using it via
>> SNAT/DNAT?
>
>   ip route add local <address>/<mask> table local dev <interface>
>
> This way <address>/<mask> will be considered local by the system which
> will reply to ARP requests for it, actually usable by any local process,
> but won't appear assigned to <interface> so chances are that no local
> process will use it unless told explicitly.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
# Jesse Molina
# Mail = jesse@xxxxxxxxxxxxxx
# Page = page-jesse@xxxxxxxxxxxxxx
# Cell = 1.602.323.7608
# Web = http://www.opendreams.net/jesse/
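
Added example, not part of the original thread: an address configured with the local route quoted above does not show up in `ip addr show`, so a check of which addresses a host answers for has to read table local as well. The script below lists `local` routes that are not backed by an assigned address; the function name and the sample output (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# unassigned_local_routes ROUTES ADDRS
#   ROUTES: text of `ip -4 route show table local`
#   ADDRS:  text of `ip -4 -o addr show`
# Prints "<prefix> <dev>" for every route of type local whose destination is
# not simply an address assigned to an interface.
unassigned_local_routes() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { routes = 1; next }
        # Address section: field 4 is "<address>/<prefixlen>".
        !routes && $3 == "inet" { split($4, a, "/"); assigned[a[1]] = 1; next }
        # Route section: only entries of type local are of interest.
        routes && $1 == "local" {
            dst = $2; dev = "?"
            for (i = 3; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dst == "127.0.0.0/8") next   # standard loopback prefix
            split(dst, d, "/")
            # Report anything carrying a mask, or an address no interface holds.
            if (dst != d[1] || !(d[1] in assigned)) print dst, dev
        }'
}

# Constructed sample output, not captured from a real host.
SAMPLE_ROUTES='broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 198.51.100.5 dev eth0 proto kernel scope host src 198.51.100.5
broadcast 198.51.100.255 dev eth0 proto kernel scope link src 198.51.100.5
local 203.0.113.16/29 dev eth0 scope host
local 203.0.113.40 dev eth0 scope host'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0\       valid_lft forever preferred_lft forever'

unassigned_local_routes "$SAMPLE_ROUTES" "$SAMPLE_ADDRS"

# On a live host:
# unassigned_local_routes "$(ip -4 route show table local)" "$(ip -4 -o addr show)"
```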