More ARP things and a semi-required patch

Tarek W. mailinglists1 at hotpop.com
Wed Feb 18 10:39:28 PST 2004


On Tue, 2004-02-17 at 20:00, Dagmar d'Surreal wrote: [snipped]
> For those of you who are now looking into the magic that is ARP, there's
> a patch you may very well want to apply to your kernel to reduce some of
> your pain and frustration with the inobviously strange way Linux handles
> ARP.  Not that this behaviour is explicitly _wrong_, but that on an
> incorrectly run network, it can break when otherwise it might be useful
> (there are uses for its behaviour, although at the moment I can't
> remember any good ones).  Enabling this patch breaks nothing you
> wouldn't expect it to (if you're doing an HA or
> multi-homed/multi-interface configuration, you probably already know
> about this anyway).
> 
> The issue is that, by default, Linux will reply to ARP queries on _any_
> interface for all IP addresses its interfaces are bound to.  This can
> cause both you and the administrators of networks you are connected to
> some headaches, particularly if there are clueless losers on your external
> network allowing private network traffic to leak out.

arp_filter prohibits this.

The issue of several interfaces on the same subnet will be covered in
linux-ip very soon.
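
A check for the arp_filter setting mentioned in the reply, as an added example that is not part of the original message or the patch under discussion. It assumes the standard sysctl tree under /proc/sys/net/ipv4/conf; the function name and its optional directory argument are hypothetical and exist so the check can also be run against a constructed directory.

```shell
#!/bin/sh
# Added example: report interfaces on which arp_filter is effectively off.
# The kernel treats arp_filter as enabled for an interface when either
# conf/all/arp_filter or conf/<iface>/arp_filter is non-zero, so both
# values have to be read to know what an interface really does.

# arp_filter_audit [CONF_DIR]   (hypothetical helper name)
# Prints "<iface> <0|1>" (effective setting) for each interface and
# returns 1 if at least one interface is unfiltered, 0 otherwise.
arp_filter_audit() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all_val=0
    [ -r "$conf_dir/all/arp_filter" ] && read -r all_val < "$conf_dir/all/arp_filter"
    unfiltered=0
    for d in "$conf_dir"/*/; do
        iface=$(basename "$d")
        # "all" and "default" are templates, not interfaces; skip loopback too.
        case $iface in all|default|lo) continue ;; esac
        [ -r "$d/arp_filter" ] || continue
        read -r if_val < "$d/arp_filter"
        if [ "$all_val" != 0 ] || [ "$if_val" != 0 ]; then
            echo "$iface 1"
        else
            echo "$iface 0"
            unfiltered=1
        fi
    done
    return $unfiltered
}

# Usage on a live system:  arp_filter_audit || echo "unfiltered interfaces found"
```

An interface reported as 0 can be switched with `sysctl -w net.ipv4.conf.<iface>.arp_filter=1`, or all at once through `net.ipv4.conf.all.arp_filter`.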



