Date:      Mon, 19 Sep 2005 18:25:50 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Motonori Shindo <mshindo@mshindo.net>
Cc:        pieter@thedarkside.nl, freebsd-net@freebsd.org
Subject:   Re: ARP behavior in FreeBSD vs Linux
Message-ID:  <20050919162550.GB24643@obiwan.tataz.chchile.org>
In-Reply-To: <20050919.111418.71083866.mshindo@mshindo.net>
References:  <432D9249.9090202@mac.com> <432DA0AC.8010802@thedarkside.nl> <432DA922.5030303@errno.com> <20050919.111418.71083866.mshindo@mshindo.net>

Hi,

> > >>> In contrast, on Linux (by default), it
> > >>> responds as long as the target IP address in ARP Request matches with
> > >>> any "local" IP address on the system, which is not necessarily an IP
> > >>> address assigned to the interface through which the ARP request is
> > >>> received.
> > >>
> > >> This sounds like "proxy ARPing" is enabled by default on your 
> > >> particular flavor of Linux.  I don't think they all do that, 
> > >> hopefully, any more than ipforwarding should be enabled by default 
> > >> just because a machine has two NICs.
> > > 
> > > What Motonori Shindo described is actually the default behaviour for 
> > > Linux kernels (at least my 2.6.8-kernel does it by default). 
> 
> It seems that it has been so for a long time since 2.2 kernel days.
> 
> > > It could be 
> > > seen as a sort of proxy-arp, but only for the host itself, not other 
> > > systems. Let me try to describe when it happens. Say you have 
> > > 192.168.42.42 bound on eth0 and have eth1 connected to some ethernet 
> > > LAN. When a host on that eth1-connected LAN sends an 'arp who-has 
> > > 192.168.42.42', a Linux system will answer that arp-request with its 
> > > eth1 MAC-address, although the IP-address is bound on eth0 and the arp 
> > > request comes in on eth0. FreeBSD obviously doesn't do this.

FYI, proxy ARPing for a whole subnet might be enabled on Linux with
the following sysctl, in order to create what they call a "pseudo-bridge":

	/proc/sys/net/ipv4/conf/<iface>/proxy_arp

When a Linux box is a router between two subnets A and B, if a host on A
issues an ARP request about a host on B (because it thinks it is on
the same physical network), the Linux box will reply with its own MAC
address, and conversely.

> > > Incoming traffic on 
> > > the 'wrong' interface will gladly be accepted, too. This broke things 
> > > for me, because I didn't want to have that certain IP-address accessible.

This behaviour can be controlled with:

	/proc/sys/net/ipv4/conf/<iface>/rp_filter


These sysctls are explained in the Linux kernel source:

	linux/Documentation/networking/ip-sysctl.txt

Please, don't blame me because this is not FreeBSD-centric.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
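
Added example, not part of the original message: a POSIX shell audit that reports the effective proxy_arp and rp_filter setting for each interface, so multi-homed Linux hosts that answer ARP for other subnets or skip source validation can be spotted. It assumes the combination rules given in current versions of ip-sysctl.txt (proxy_arp is on if either conf/all or the interface sets it; the larger rp_filter value of conf/all and the interface applies), which older kernels may not follow; the optional root-directory argument and the flag names are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Added example: audit the two sysctls named in the message above.

# read_knob DIR NAME: print the knob's value, or 0 if it cannot be read.
read_knob() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo 0
    fi
}

# audit_conf [ROOT]: print one line per interface,
#   <iface> proxy_arp=<0|1> rp_filter=<0|1|2> [flags]
# ROOT defaults to the live tree; passing another directory (an assumption
# of this example) lets the function run against a constructed copy.
audit_conf() {
    root=${1:-/proc/sys/net/ipv4/conf}
    all_pa=$(read_knob "$root/all" proxy_arp)
    all_rp=$(read_knob "$root/all" rp_filter)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        pa=$(read_knob "$dir" proxy_arp)
        rp=$(read_knob "$dir" rp_filter)
        # Assumed rule: proxy_arp is active if either level enables it.
        [ "$all_pa" -ne 0 ] && pa=1
        # Assumed rule: the larger of the two rp_filter values is used.
        [ "$all_rp" -gt "$rp" ] && rp=$all_rp
        note=""
        [ "$pa" -ne 0 ] && note="$note PROXY_ARP_ON"
        [ "$rp" -eq 0 ] && note="$note NO_SOURCE_VALIDATION"
        echo "$iface proxy_arp=$pa rp_filter=$rp$note"
    done
}

# Read the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_conf
fi
```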


