From: Varun Varma <varun@mindsw.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] shared_media
Date: Mon, 12 May 2003 11:22:50 +0000
Message-ID: <marc-lartc-105273839820273@msgid-missing>
In-Reply-To: <marc-lartc-105273442117154@msgid-missing>
Dear Marco,
Linux, in the 2.4 kernels, has this default behaviour. The ARP reply for
an IP goes from any interface on the system, not just the one on which
the IP is configured.
You can change this behaviour by setting:
/proc/sys/net/ipv4/conf/all/arp_filter = 1
Or, if you want to control this for just one interface:
/proc/sys/net/ipv4/conf/<interface name, e.g. eth0>/arp_filter = 1
As an aside, I would also recommend setting up different VLANs, if your
switch supports them. That way you can get different "logical" switches.
Regards,
-Varun
Marco Berizzi wrote:
> Hello everybody.
>
> I have a problem with my firewall rules on my Slackware Linux box 9.0
> (kernel 2.4.20-xfs).
> This system is configured with 3 NICs (one for the router, one for the
> dmz, and the other for the private net).
> I have written a firewall (iptables) that is processing packets based
> also on the incoming interface.
> This firewall is connected in a not good environment where all the NICs
> (and the router) are connected to the same switch (don't ask me why).
> Here is the problem: an incoming packet from the private net sometimes
> is caught by the priv NIC, sometimes is caught by the DMZ NIC and
> sometimes is caught by the router NIC. This happens (I think) because when
> a client (windoze) sends an arp request with the priv NIC IP, linux
> replies with the MAC address from any of the 3 NICs and not only with the
> MAC from the priv NIC.
>
> Is there any setting in /proc to prevent this? shared_media perhaps?
>
> TIA
>
> PS: Please cc me. I'm not receiving messages from this list.
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
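Added example (not part of the thread, not Varun's or Marco's code): a small audit script that reports which interfaces still answer ARP for addresses held by another NIC, i.e. whose effective arp_filter is 0. It assumes the kernel's documented rule that the effective value is the larger of conf/all/arp_filter and conf/<iface>/arp_filter, and builds a constructed /proc-like tree so it runs offline; pass no argument to audit the live system.

```shell
#!/bin/sh
# Effective arp_filter for one interface: max(all/arp_filter, <iface>/arp_filter).
# $1 = conf root (normally /proc/sys/net/ipv4/conf), $2 = interface name.
effective_arp_filter() {
  root="$1"; ifc="$2"
  all=$(cat "$root/all/arp_filter" 2>/dev/null || echo 0)
  own=$(cat "$root/$ifc/arp_filter" 2>/dev/null || echo 0)
  if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print, one per line and sorted, every real interface whose effective
# arp_filter is 0: any of these may reply to an ARP request for an IP
# that is configured on a different NIC (the behaviour described above).
unfiltered_ifaces() {
  root="${1:-/proc/sys/net/ipv4/conf}"
  for d in "$root"/*/; do
    [ -d "$d" ] || continue
    ifc=$(basename "$d")
    case "$ifc" in all|default|lo) continue ;; esac
    if [ "$(effective_arp_filter "$root" "$ifc")" = 0 ]; then echo "$ifc"; fi
  done | sort
}

# Constructed sample tree (hypothetical values) mirroring the three-NIC
# firewall in the thread: only eth1 has arp_filter set per interface,
# all/arp_filter is still 0. Prints the path of the temporary root.
make_sample_tree() {
  tmp=$(mktemp -d)
  for ifc in all default lo eth0 eth1 eth2; do
    mkdir -p "$tmp/$ifc"
    echo 0 > "$tmp/$ifc/arp_filter"
  done
  echo 1 > "$tmp/eth1/arp_filter"
  echo "$tmp"
}

# Stand-alone demo: audit the sample tree before and after the
# "set it for all interfaces" fix from the reply above.
demo_root=$(make_sample_tree)
echo "unfiltered before: $(unfiltered_ifaces "$demo_root" | tr '\n' ' ')"
echo 1 > "$demo_root/all/arp_filter"
echo "unfiltered after : $(unfiltered_ifaces "$demo_root" | tr '\n' ' ')"
rm -rf "$demo_root"
```

On a live box, `unfiltered_ifaces` with no argument walks /proc/sys/net/ipv4/conf and is a quick check that the sysctl actually took effect on every NIC.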