search for: arp_filter

...affic and causes issues. We've looked at arp* /etc/sysctl.conf etc. and arptables, but wondered if anyone had a recipe? We have this already which didn't help as it happened Christmas Eve too as we kept eth1 up for a few days to test: # For the dual interface - 06.12.12 net.ipv4.conf.eth0.arp_filter = 1 net.ipv4.conf.eth0.arp_ignore = 1 net.ipv4.conf.eth1.arp_filter = 1 net.ipv4.conf.eth1.arp_ignore = 1 net.ipv4.conf.all.arp_filter = 1 eth0 and eth1 are on the same VLAN/broadcast domain, but eth1 is a 169.xx and eth0 is a routable public IP. We're having to shut eth1 down and bring it u...

...5.255.255.0 # ip route 192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.220 192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.221 192.168.5.0/24 dev eth2 proto kernel scope link src 192.168.5.222 default via 192.168.5.11 dev eth0 # cat /proc/sys/net/ipv4/conf/all/arp_filter 1 (and just to be sure I set /conf/<every interface>/arp_filter to 1 as well) So basically what I want is just a box with 3 network cards with 3 different ips, no bonding/trunking, just simple.. :). What I get is simply that eth0 is answering (with it''s own HW addr) to arp requests...

Hello all, I have an annoying networking issue. The value of arp_filter is getting changed. /proc/sys/net/ipv4/conf/eth0/arp_filter 1 I specifically set it to 0 via /sbin/ifup-local. The hosts in question are setup to test some network gear, and they all have 1 "management" interface and 1 or more through put interface. Any ideas on how to keep this value...

...---------- New Features in 2.0.10 The "shorewall status" command has been enhanced to include the values of key /proc settings: Example from a two-interface firewall: /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys/net/ipv4/conf/default/rp_filter = 0 /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0 /proc/sys/net/ipv4/conf/eth0/arp_filter = 0 /proc/...

This one is really throwing me. Thanks in advance for any advice. I''m working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cicso router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP''s

...have no problem at all. I have read the docs and understand that the problems exists because of the ARP implementation in Linux. (I don''t understand why the problem is happening with OS X and Win clients, but not Linux clients). Why do the docs also mention that one possible solution, arp_filter, is not recommended in a production environment? What are the dangers? Network stability, security? Are there other ways to solve the problem other than recabling?

...c example, but starting Shorewall drops all connections and don''t permit any outgoing requests, even with "all allowed" policy. Policy file is below. Current setup has for test purposes and both nics are connected two hubs, which have a also direct connection cable (I''ve arp_filter option in both nics in interfaces file). I hope someone can help, I''ve been struggling with this problem few days now. Br, Riku Interfaces: net eth0 detect dhcp,routefilter,tcpflags,arp_filter loc eth1 detect tcpflags,routefilter,arp_filt...

Hy shorewall users :)) I have the following config in my shorewall: DNAT net:200.137.193.2 loc:192.168.0.55 udp 135,445 - 200.137.193.38 DNAT net:200.137.193.2 loc:192.168.0.55 udp 137:139 - 200.137.193.38 DNAT net:200.137.193.2 loc:192.168.0.55 tcp 135,139,445 - 200.137.193.38 The IP

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

Hello everybody. I have a problem with my firewall rules on my Slackware Linux box 9.0 (kernel 2.4.20-xfs). This system is configured with 3 NIC (one for the router, one for the dmz, and the other for the private net). I have written a firewall (iptables) that is processing packet based also on the incoming interface. This firewall is connected in a not good environment where all the NIC (and the

...3.3) 113.89.142.80: 2222 -> 192.168.1.231:22 tcp (SSH) 4. Shorewall settings: 4.1 interfaces #ZONE INTERFACE BROADCAST OPTIONS net eth1 113.89.142.255 norfc1918,arp_filte lan eth0 detect arp_filter ovpn tun0 - #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE 4.2 zones #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS...

...lter echo "1" > /proc/sys/net/ipv4/conf/eth0/hidden echo "1" > /proc/sys/net/ipv4/conf/eth1/hidden echo "1" > /proc/sys/net/ipv4/conf/eth2/hidden echo "1" > /proc/sys/net/ipv4/conf/eth3/hidden echo "1" > /proc/sys/net/ipv4/conf/eth0/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth1/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth2/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth3/arp_filter My troubles comes with load balance outgoing connections, I use the table balanceo2 for this purpose, a...

...lter echo "1" > /proc/sys/net/ipv4/conf/eth0/hidden echo "1" > /proc/sys/net/ipv4/conf/eth1/hidden echo "1" > /proc/sys/net/ipv4/conf/eth2/hidden echo "1" > /proc/sys/net/ipv4/conf/eth3/hidden echo "1" > /proc/sys/net/ipv4/conf/eth0/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth1/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth2/arp_filter echo "1" > /proc/sys/net/ipv4/conf/eth3/arp_filter My troubles comes with load balance outgoing connections, I use the table balanceo2 for this purpose, a...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

...the net pptp tunnel to share with the machines in my localnet successfully. But Tunnel two to four i''m not able to do 1:1 nat. What could be a solution ? Kind regards, Felix. interfaces: loc eth0 detect tcpflags modem eth1 detect dhcp,tcpflags,routefilter,nosmurfs,arp_filter net ppp0 - tcpflags,routefilter,nosmurfs,arp_filter pptp2 ppp1 - tcpflags,routefilter,nosmurfs,arp_filter pptp3 ppp2 - tcpflags,routefilter,nosmurfs,arp_filter pptp4 ppp3 - tcpflags,routefilter,nosmurfs,arp_filter zones: modem InodeInternal PPTP...

Hi, I've been trying to get a couple of routers up after h/w failure. The border router is an OpenBSD firewall running NAT between the Internet and a DMZ like subnet, and in that a Linux antivirus server is running NAT to the LAN. When the client does a DNS query it reaches to the f/w where dns is running and is returned into the A/V server but never hits the 0.254 interface. (Shown by

...ZONE HOST(S) OPTIONS loc br0:eth1 road br0:tap+ #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE Interfaces #ZONE INTERFACE BROADCAST OPTIONS GATEWAY net eth0 10.0.0.255 nobogons,routefilter,logmartians,tcpflags,arp_filter,nosmurfs #loc eth1 detect - br0 detect # #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE Masq eth0 192.168.3.0/24 Policy #SOURCE DEST POLICY LOG LIMIT:BURST # LEVEL fw loc ACCEPT info #lo...

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

...s> is the IP address of the remote tunnel gateway. <gateway zone> Optional. A comma-separated list of zone names. If specified, the remote gateway is to be considered part of these zones. 5) An ''arp_filter'' option has been added to the /etc/shorewall/interfaces file. This option causes /proc/sys/net/ipv4/conf/<interface>/arp_filter to be set with the result that this interface will only answer ARP ''who-has'' requests from hosts that are routed out of that i...

...iB) There''re a bridge for each nic: > brctl show bridge name bridge id STP enabled interfaces eth0 8000.001d09645f24 no vm1 peth0 eth1 8000.001d09645f22 no vm2 peth1 vm3 vm4 I''ve also enabled arp_filtering with: echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter And i''ve disabled tx checsum with: ethtook -K for every network interface in dom0 and on domU Can anyone help me? Thank''s a lot. _______________________________________________ Xen-users mailing list Xen-users@lists.x...