From owner-freebsd-net@FreeBSD.ORG Mon Sep 19 16:25:52 2005
Date: Mon, 19 Sep 2005 18:25:50 +0200
From: Jeremie Le Hen
To: Motonori Shindo
Cc: pieter@thedarkside.nl, freebsd-net@freebsd.org
Subject: Re: ARP behavior in FreeBSD vs Linux
Message-ID: <20050919162550.GB24643@obiwan.tataz.chchile.org>
References: <432D9249.9090202@mac.com> <432DA0AC.8010802@thedarkside.nl> <432DA922.5030303@errno.com> <20050919.111418.71083866.mshindo@mshindo.net>
In-Reply-To: <20050919.111418.71083866.mshindo@mshindo.net>

Hi,

> > >>> In contrast, on Linux (by default), it
> > >>> responds as long as the target IP address in ARP Request matches with
> > >>> any "local" IP address on the system, which is not necessarily an IP
> > >>> address assigned to the interface through which the ARP request is
> > >>> received.
> > >>
> > >> This sounds like "proxy ARPing" is enabled by default on your
> > >> particular flavor of Linux. I don't think they all do that,
> > >> hopefully, any more than ipforwarding should be enabled by default
> > >> just because a machine has two NICs.
> > >
> > > What Motonori Shindo described is actually the default behaviour for
> > > Linux kernels (at least my 2.6.8-kernel does it by default).
> >
> > It seems that it has been so for a long time since 2.2 kernel days.
> >
> > > It could be
> > > seen as a sort of proxy-arp, but only for the host itself, not other
> > > systems. Let me try to describe when it happens. Say you have
> > > 192.168.42.42 bound on eth0 and have eth1 connected to some ethernet
> > > LAN. When a host on that eth1-connected LAN sends an 'arp who-has
> > > 192.168.42.42', a Linux system will answer that arp-request with its
> > > eth1 MAC-address, although the IP-address is bound on eth0 and the arp
> > > request comes in on eth0. FreeBSD obviously doesn't do this.

FYI, proxy ARPing for a whole subnet might be enabled on Linux with the
following sysctl, in order to create what they call a "pseudo-bridge":

    /proc/sys/net/ipv4/conf//proxy_arp

When a Linux box is a router between two subnets A and B, if a host on A
issues an ARP request about a host on B (because it thinks they are on
the same physical network), the Linux box will reply with its own MAC
address, and conversely.

> > > Incoming traffic on
> > > the 'wrong' interface will gladly be accepted, too. This broke things
> > > for me, because I didn't want to have that certain IP-address accessible.

This behaviour can be controlled with:

    /proc/sys/net/ipv4/conf//rp_filter

These sysctls are explained in the Linux kernel source:

    linux/Documentation/networking/ip-sysctl.txt

Please, don't blame me because this is not FreeBSD-centric.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
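
An audit of the per-interface settings discussed in this message, as an added example that is not part of the original mail or of any project's code. It reports `proxy_arp` and `rp_filter` for each interface directory under `/proc/sys/net/ipv4/conf`, and also `arp_ignore`, which the mail does not mention and is included here as an assumption about what a reader checking this ARP behaviour would want. The function names and flag labels are hypothetical, and the combination rules are those of current Linux documentation, which may differ on 2.6-era kernels.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names and the
# flag labels (PROXY_ARP_ON, NO_RPF, ARP_ANY_LOCAL_IP) are hypothetical.

# read_knob DIR NAME -> numeric value of DIR/NAME, or 0 if absent/unreadable
read_knob() {
    v=$(cat "$1/$2" 2>/dev/null) || v=0
    case $v in ''|*[!0-9]*) v=0 ;; esac
    echo "$v"
}

# max A B -> larger of two non-negative integers
max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# audit_ipv4_conf [ROOT]
# Prints one line per interface directory under ROOT:
#   <iface> proxy_arp=<0|1> rp_filter=<n> arp_ignore=<n> [flags]
# Effective values combine conf/all with conf/<iface>:
#   proxy_arp  = all OR iface
#   rp_filter  = max(all, iface)
#   arp_ignore = max(all, iface)   (assumption: not named in the mail)
audit_ipv4_conf() {
    root=${1:-/proc/sys/net/ipv4/conf}
    [ -d "$root/all" ] || { echo "no conf/all under $root" >&2; return 1; }
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        pa=$(max "$(read_knob "$root/all" proxy_arp)" "$(read_knob "$dir" proxy_arp)")
        rp=$(max "$(read_knob "$root/all" rp_filter)" "$(read_knob "$dir" rp_filter)")
        ai=$(max "$(read_knob "$root/all" arp_ignore)" "$(read_knob "$dir" arp_ignore)")
        [ "$pa" -gt 0 ] && pa=1
        flags=
        # Interface answers ARP on behalf of hosts it routes to.
        [ "$pa" -eq 1 ] && flags="$flags PROXY_ARP_ON"
        # No reverse-path check on packets arriving here.
        [ "$rp" -eq 0 ] && flags="$flags NO_RPF"
        # Replies to ARP for any local IP, whichever interface holds it.
        [ "$ai" -eq 0 ] && flags="$flags ARP_ANY_LOCAL_IP"
        echo "$iface proxy_arp=$pa rp_filter=$rp arp_ignore=$ai$flags"
    done
}

# Run against the live tree when it exists (Linux only).
if [ -d /proc/sys/net/ipv4/conf ]; then
    audit_ipv4_conf
fi
```

Pass a directory as the first argument to audit a copied or constructed tree instead of the live `/proc` one.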