I recently had a problem where a Linux box with multiple NICs running an iptables firewall script was not accepting connections when it should. I ran tcpdump and found that ARP requests received by the box were being answered with the MAC address of a different NIC. This seemed bizarre at first, but knowing Linux's networking strengths I realised that I was missing something and that I probably needed to tweak the kernel to behave the way I wanted. (It turns out this is Linux's default behaviour rather than a bug: the kernel treats an IP address as belonging to the host, not to a particular interface, so any interface will answer an ARP request for any local address.)
A quick Google found that I probably wanted to turn on arp_filter in the kernel. So I ran the following:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
Immediately tcpdump showed that the kernel was now behaving the way I wanted it to and handing out only the MAC address for the relevant NIC.
To make the change permanent (i.e. survive a reboot) you could add the above line to an init script, or add the following line to /etc/sysctl.conf (run sysctl -p afterwards to load it without rebooting):
net.ipv4.conf.all.arp_filter = 1
Two caveats from the kernel's ip-sysctl documentation are worth knowing. First, arp_filter is in effect on an interface if either conf/all/arp_filter or conf/<interface>/arp_filter is 1, so checking only the "all" entry does not tell you the effective state of a given NIC. Second, arp_filter decides whether to answer a request by asking whether the kernel would route a packet from the requested IP address out of that interface, so with several interfaces on the same subnet it needs source-based routing to give the expected result; if you simply want an interface to answer only for addresses configured on it, arp_ignore=1 is the more direct setting.
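As an added example (not part of the original post), here is a small shell script that reports the effective arp_filter state per interface, taking the "all OR per-interface" rule into account, and that enables the setting now and persists it as a sysctl.d drop-in. The PROC_ROOT and SYSCTL_D overrides and the drop-in file name 90-arp_filter.conf are my own assumptions so that the script can be exercised against a fake directory tree; on a real system the defaults point at /proc and /etc/sysctl.d.

```shell
#!/bin/sh
# Added example: inspect and enable net.ipv4.conf.*.arp_filter.
# PROC_ROOT and SYSCTL_D are assumed overrides (not kernel or distro
# conventions) so the functions can be run against a fake tree; the
# defaults are the real locations on a Linux host.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYSCTL_D="${SYSCTL_D:-/etc/sysctl.d}"

conf_dir() { printf '%s/sys/net/ipv4/conf\n' "$PROC_ROOT"; }

# Print "<iface> <effective>" for every interface except all/default.
# The kernel applies arp_filter to an interface when EITHER conf/all
# OR conf/<iface> is 1, so the effective value is the OR of the two.
arp_filter_status() {
    d=$(conf_dir)
    all=$(cat "$d/all/arp_filter")
    for i in "$d"/*; do
        n=${i##*/}
        case "$n" in all|default) continue ;; esac
        [ -r "$i/arp_filter" ] || continue
        own=$(cat "$i/arp_filter")
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then eff=1; else eff=0; fi
        printf '%s %s\n' "$n" "$eff"
    done
}

# Exit 0 if arp_filter is effective on interface $1, 1 if not,
# 2 if the interface has no arp_filter entry at all.
arp_filter_effective() {
    d=$(conf_dir)
    [ -r "$d/$1/arp_filter" ] || return 2
    [ "$(cat "$d/all/arp_filter")" = 1 ] && return 0
    [ "$(cat "$d/$1/arp_filter")" = 1 ]
}

# Turn arp_filter on for all interfaces immediately (needs root on a real
# host) and persist it as a sysctl.d drop-in, which "sysctl --system"
# loads at boot. Returns non-zero if either write fails.
enable_arp_filter() {
    d=$(conf_dir)
    echo 1 > "$d/all/arp_filter" || return 1
    mkdir -p "$SYSCTL_D" || return 1
    printf 'net.ipv4.conf.all.arp_filter = 1\n' > "$SYSCTL_D/90-arp_filter.conf"
}
```

Source the script and run `arp_filter_status` before and after `enable_arp_filter` to confirm that every interface now reports 1; the per-interface files under /proc/sys/net/ipv4/conf/<iface>/ stay 0, which is expected, because the "all" entry is what makes the setting effective.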