From: Willy Tarreau <willy@w.ods.org>
To: "David S. Miller" <davem@redhat.com>
Cc: Willy Tarreau <willy@w.ods.org>,
alan@lxorguk.ukuu.org.uk, carlosev@newipnet.com,
lamont@scriptkiddie.org, davidsen@tmr.com, bloemsaa@xs4all.nl,
marcelo@conectiva.com.br, netdev@oss.sgi.com,
linux-net@vger.kernel.org, layes@loran.com, torvalds@osdl.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.4 PATCH] bugfix: ARP respond on all devices
Date: Mon, 18 Aug 2003 09:29:22 +0200 [thread overview]
Message-ID: <20030818072922.GB15098@alpha.home.local> (raw)
In-Reply-To: <20030818000139.6964cd04.davem@redhat.com>
On Mon, Aug 18, 2003 at 12:01:39AM -0700, David S. Miller wrote:
> On Mon, 18 Aug 2003 08:56:52 +0200
> Willy Tarreau <willy@w.ods.org> wrote:
>
> > But I'm willing to try arpfilter if you show me where to start from.
>
> There are tools at:
>
> http://ebtables.sourceforge.net/
Thanks, I've downloaded them and will take a look at them. By the time, I did
some random tests with 'ip arp', and found a simple way to solve the problem
I reported initially. This can be of interest to others BTW :
Trivial example below :
My host wants to use address 10.0.0.1 to talk to the world, but through
the gateway 11.0.0.2 reachable from 11.0.0.1 :
ip address add 10.0.0.1/24 dev eth0
ip address add 11.0.0.1/24 dev eth0
ip route add default via 11.0.0.2 src 10.0.0.1
=> same as before till this
ip arp append table output to 11.0.0.0/24 oif eth0 src 11.0.0.1
=> now it will use 11.0.0.1 to find its gateway (11.0.0.2)
So as a general rule of thumb, I would recommend people to systematically call
"ip arp append table output to [network] oif [NIC] src [local_ip]" after an
"ip address add [local_ip] dev [NIC]". And yes, I agree that these are standard
tools, but I maintain that the default behaviour should be cleaner.
I also found that I can filter incoming requests easily with "table input" :
ip arp append table input deny
ip arp add table input allow from 11.0.0.0/24 to 11.0.0.0/24 iif eth0
ip arp add table input allow from 10.0.0.0/24 to 10.0.0.0/24 iif eth0
I don't understand how the forward table is used, BTW, but I'll search a bit
more. If I finally understand how all this works, I may propose a simple how-to
to put under Documentation/networking/arp.txt so solve most common problems.
Cheers,
Willy
next prev parent reply other threads:[~2003-08-18 7:36 UTC|newest]
Thread overview: 168+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-27 20:52 [2.4 PATCH] bugfix: ARP respond on all devices Bas Bloemsaat
2003-07-27 22:12 ` David S. Miller
2003-07-28 2:31 ` Ben Greear
2003-07-28 7:33 ` Bas Bloemsaat
2003-07-27 23:40 ` Carlos Velasco
2003-07-27 23:46 ` David S. Miller
2003-07-27 23:58 ` Carlos Velasco
2003-07-27 23:58 ` David S. Miller
2003-07-28 0:11 ` Carlos Velasco
2003-07-28 0:14 ` David S. Miller
2003-07-28 0:35 ` Carlos Velasco
2003-07-28 0:36 ` David S. Miller
2003-07-28 0:53 ` Carlos Velasco
2003-07-28 0:55 ` David S. Miller
2003-07-28 1:23 ` Carlos Velasco
2003-07-28 1:35 ` David S. Miller
2003-07-28 10:43 ` Carlos Velasco
2003-07-28 17:09 ` Phil Oester
2003-07-28 18:56 ` Bas Bloemsaat
2003-07-28 4:37 ` David Lang
2003-07-28 4:39 ` David S. Miller
2003-07-28 10:49 ` Carlos Velasco
2003-07-28 0:57 ` Assorted 2.6.0-test2 build warnings J.C. Wren
2003-07-28 22:11 ` Randy.Dunlap
2003-07-29 10:42 ` Adrian Bunk
2003-07-29 2:51 ` [2.4 PATCH] bugfix: ARP respond on all devices Bill Davidsen
2003-07-29 4:48 ` Lamont Granquist
2003-08-04 6:10 ` Pekka Savola
2003-08-17 13:09 ` Carlos Velasco
2003-08-17 13:16 ` Carlos Velasco
2003-08-17 13:41 ` Alan Cox
2003-08-17 13:55 ` Carlos Velasco
2003-08-17 15:12 ` Bernd Eckenfels
2003-08-17 15:28 ` Alan Cox
2003-08-17 15:57 ` Bas Bloemsaat
2003-08-17 15:59 ` Carlos Velasco
2003-08-17 16:26 ` Alan Cox
2003-08-17 16:27 ` Carlos Velasco
2003-08-17 17:24 ` Alan Cox
2003-08-17 22:48 ` Willy Tarreau
2003-08-18 5:22 ` David S. Miller
2003-08-18 6:56 ` Willy Tarreau
2003-08-18 7:01 ` David S. Miller
2003-08-18 7:29 ` Willy Tarreau [this message]
2003-08-18 7:43 ` Willy Tarreau
2003-08-18 5:31 ` David S. Miller
2003-08-18 11:39 ` Stephan von Krawczynski
2003-08-18 11:44 ` David S. Miller
2003-08-18 12:34 ` Stephan von Krawczynski
2003-08-18 12:30 ` David S. Miller
2003-08-18 12:51 ` Mr. James W. Laferriere
2003-08-18 12:53 ` Stephan von Krawczynski
2003-08-18 12:55 ` David S. Miller
2003-08-18 13:17 ` Stephan von Krawczynski
2003-08-18 13:14 ` David S. Miller
2003-08-18 14:23 ` Stephan von Krawczynski
2003-08-18 14:19 ` David S. Miller
2003-08-18 15:46 ` Stephan von Krawczynski
2003-08-18 13:23 ` jamal
2003-08-18 13:21 ` David S. Miller
2003-08-18 13:40 ` Stephan von Krawczynski
2003-08-20 6:55 ` Bas Bloemsaat
2003-08-18 21:54 ` Bill Davidsen
2003-08-18 13:40 ` Dominik Kubla
2003-08-18 12:51 ` Willy Tarreau
2003-08-18 12:53 ` David S. Miller
2003-08-18 14:28 ` Willy Tarreau
2003-08-18 14:28 ` David S. Miller
2003-08-18 12:08 ` Bas Bloemsaat
2003-08-18 12:03 ` David S. Miller
2003-08-18 21:32 ` Bill Davidsen
2003-08-19 3:21 ` Ben Greear
2003-08-19 15:22 ` David S. Miller
2003-08-19 7:58 ` Bas Bloemsaat
2003-08-18 15:49 ` SRC IP selection in ARP request (Was: bugfix: ARP respond on all devices) Vladimir B. Savkin
2003-08-17 16:51 ` [2.4 PATCH] bugfix: ARP respond on all devices David T Hollis
2003-08-17 16:45 ` Carlos Velasco
2003-08-17 17:13 ` Arjan van de Ven
2003-08-17 19:46 ` insecure
2003-08-18 5:11 ` David S. Miller
2003-08-18 5:29 ` David S. Miller
2003-08-17 13:59 ` Bas Bloemsaat
2003-08-18 10:48 ` Robert Collier
2003-08-17 13:38 ` Alan Cox
[not found] <e2Yb.5CB.17@gated-at.bofh.it>
[not found] ` <e43Y.6x0.17@gated-at.bofh.it>
[not found] ` <e43Y.6x0.19@gated-at.bofh.it>
[not found] ` <e43Y.6x0.21@gated-at.bofh.it>
[not found] ` <e43Y.6x0.23@gated-at.bofh.it>
[not found] ` <e43Y.6x0.25@gated-at.bofh.it>
[not found] ` <e43Y.6x0.15@gated-at.bofh.it>
[not found] ` <e4nd.6K9.5@gated-at.bofh.it>
[not found] ` <e4ne.6K9.11@gated-at.bofh.it>
[not found] ` <e4x3.6RV.23@gated-at.bofh.it>
[not found] ` <e4Qe.7cR.3@gated-at.bofh.it>
[not found] ` <e503.7kj.23@gated-at.bofh.it>
[not found] ` <e5jh.7yW.5@gated-at.bofh.it>
[not found] ` <edJU.6nT.25@gated-at.bofh.it>
2003-07-28 20:45 ` Julien Oster
2003-08-19 12:02 Richard Underwood
2003-08-19 12:35 ` Alan Cox
2003-08-19 18:30 ` Daniel Gryniewicz
2003-08-19 18:29 ` David S. Miller
2003-08-19 19:12 ` Daniel Gryniewicz
2003-08-19 19:10 ` David S. Miller
2003-08-20 16:49 ` Bill Davidsen
2003-08-20 17:00 ` David S. Miller
2003-08-20 17:44 ` Ben Greear
2003-08-20 17:48 ` David S. Miller
2003-08-20 23:18 ` Julian Anastasov
2003-08-23 20:50 ` Bill Davidsen
2003-08-20 19:08 ` Bill Davidsen
2003-08-20 20:07 ` Bas Bloemsaat
2003-08-19 19:42 ` bill davidsen
2003-08-19 13:11 ` Bas Bloemsaat
2003-08-19 15:34 ` David S. Miller
2003-08-19 17:39 ` Lars Marowsky-Bree
2003-08-19 17:36 ` David S. Miller
2003-08-19 21:01 ` Harley Stenzel
2003-08-19 16:19 ` Stephan von Krawczynski
2003-08-19 16:54 ` David S. Miller
2003-08-19 17:15 ` Stephan von Krawczynski
2003-08-19 16:56 ` David S. Miller
2003-08-19 14:34 Richard Underwood
2003-08-19 14:54 ` Willy Tarreau
2003-08-19 15:07 ` Stephan von Krawczynski
2003-08-19 15:57 ` David S. Miller
2003-08-19 16:52 ` Stephan von Krawczynski
2003-08-19 16:53 ` David S. Miller
2003-08-19 17:12 ` Stephan von Krawczynski
2003-08-19 17:09 ` David S. Miller
2003-08-19 19:04 ` Alan Cox
2003-08-19 19:01 ` David S. Miller
2003-08-19 19:19 ` Bas Bloemsaat
2003-08-19 19:16 ` David S. Miller
2003-08-20 8:49 ` Roman Pletka
2003-08-20 14:15 ` Stephan von Krawczynski
2003-08-20 14:43 ` Roman Pletka
2003-08-20 15:55 ` Stephan von Krawczynski
2003-08-20 16:47 ` Roman Pletka
2003-08-19 15:53 ` Bill Davidsen
2003-08-19 16:14 ` David S. Miller
2003-08-19 17:17 ` Bill Davidsen
2003-08-19 19:08 ` Alan Cox
2003-08-19 21:53 ` Stephan von Krawczynski
2003-08-19 16:54 Richard Underwood
2003-08-19 16:51 ` David S. Miller
2003-08-19 17:10 ` Stephan von Krawczynski
2003-08-19 17:07 ` David S. Miller
2003-08-19 19:57 ` bill davidsen
2003-08-19 17:56 Richard Underwood
2003-08-19 17:53 ` David S. Miller
2003-08-19 18:05 Richard Underwood
2003-08-19 18:21 ` David S. Miller
2003-08-20 12:52 ` Harley Stenzel
2003-08-19 18:16 Richard Underwood
2003-08-19 18:13 ` David S. Miller
2003-08-19 18:30 ` Bas Bloemsaat
[not found] <mdtk.Zy.1@gated-at.bofh.it>
[not found] ` <mgUv.3Wb.39@gated-at.bofh.it>
[not found] ` <mgUv.3Wb.37@gated-at.bofh.it>
[not found] ` <miMw.5yo.31@gated-at.bofh.it>
2003-08-19 18:48 ` Andi Kleen
2003-08-19 19:17 ` Daniel Gryniewicz
2003-08-19 19:21 ` Andi Kleen
2003-08-19 19:27 ` Daniel Gryniewicz
2003-08-19 19:24 ` David S. Miller
2003-08-19 19:32 ` Andi Kleen
2003-08-19 19:28 ` David S. Miller
2003-08-20 9:53 ` Alan Cox
2003-08-20 15:41 ` Stephan von Krawczynski
2003-08-20 15:38 ` David S. Miller
2003-08-19 19:38 ` Valdis.Kletnieks
2003-08-19 19:37 ` David S. Miller
2003-08-19 20:44 ` Valdis.Kletnieks
2003-08-19 19:00 Richard Underwood
2003-08-19 18:58 ` David S. Miller
[not found] <mfYi.374.31@gated-at.bofh.it>
[not found] ` <mkbE.6Rk.35@gated-at.bofh.it>
2003-08-19 20:00 ` Andi Kleen
2003-08-19 19:56 ` David S. Miller
2003-08-19 22:12 Richard Underwood
2003-08-19 22:11 ` David S. Miller
2003-08-19 23:15 ` Stephan von Krawczynski
2003-08-20 8:58 Richard Underwood
2003-08-20 15:23 ` jamal
2003-08-20 15:28 ` jamal
2003-08-20 20:10 Richard Underwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030818072922.GB15098@alpha.home.local \
--to=willy@w.ods.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bloemsaa@xs4all.nl \
--cc=carlosev@newipnet.com \
--cc=davem@redhat.com \
--cc=davidsen@tmr.com \
--cc=lamont@scriptkiddie.org \
--cc=layes@loran.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=marcelo@conectiva.com.br \
--cc=netdev@oss.sgi.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).