Date: Mon, 8 Jul 1996 09:32:15 -0400 (EDT)
From: Brian Tao <taob@io.org>
To: "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
Cc: FREEBSD-CURRENT-L <freebsd-current@freebsd.org>
Subject: "ifconfig -arp" doesn't work?
Message-ID: <Pine.NEB.3.92.960708092310.10129G-100000@zap.io.org>
In-Reply-To: <199607080551.IAA05292@office.elvisti.kiev.ua>

On Mon, 8 Jul 1996, Andrew V. Stesin wrote:
>
> Dear Brian, if this approach will work for you,
> please, share your experience with us. (I didn't
> think about a situation with an "untrusted inside host" before,
> so I'm interested what the solution might be)

Andrew is referring to the "-arp" switch to ifconfig. I had asked if
it was possible for an Ethernet interface not to broadcast its MAC
address in response to an ARP query.

Unfortunately, it doesn't seem to work. :( slam.io.org is the name of
the firewall from the outside, and zap.io.org is one of our public
shell servers. Even with NOARP, another server is still able to record
slam's MAC address. I was thinking of turning off broadcasts, but that
would probably mess other things up even more. slam is 2.2-960612-SNAP,
zap is 2.2-960501-SNAP.

    slam# ifconfig de0
    de0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
            inet 198.133.36.2 netmask 0xffffff00 broadcast 198.133.36.255
            ether 00:00:c0:53:c8:db

    zap# arp -a | grep slam
    zap# ping slam.io.org
    PING slam.io.org (198.133.36.2): 56 data bytes
    ^C
    --- slam.io.org ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss
    # arp -a | fgrep slam
    slam.io.org (198.133.36.2) at 0:0:c0:53:c8:db

--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"