Linux

arp who-has requests see different addresses isolated by VLAN (single NIC)

  • March 12, 2013

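I have a Debian host connected through a trunk port on 5 different VLANs. But this host responds to ARP "who-has" requests for all of its different IPs. I would like to understand why…

Here is the network/interfaces file (eth0.1 handles 172.16.1.145/16)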

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet manual

auto eth0.1
iface eth0.1 inet dhcp

auto eth0.10
iface eth0.10 inet static
address 192.168.10.254
netmask 255.255.255.0

auto eth0.6
iface eth0.6 inet static
address 192.168.6.254
netmask 255.255.255.0

auto eth0.7
iface eth0.7 inet static
address 192.168.7.254
netmask 255.255.255.0

auto eth0.2
iface eth0.2 inet static
address 0.0.0.0
netmask 0.0.0.0

Here is the output of the different ARP requests sent from ldc (172.16.1.50/16) on the vlan1 broadcast domain

ldc:~# arping 172.16.1.145
ARPING 172.16.1.145
60 bytes from ab:cd:ef:01:23:45 (172.16.1.145): index=0 time=193.119 usec
^C
--- 172.16.1.145 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered (0 extra)

ldc:~# arping 192.168.10.254
ARPING 192.168.10.254
60 bytes from ab:cd:ef:01:23:45 (192.168.10.254): index=0 time=221.014 usec
^C
--- 192.168.10.254 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered (0 extra)

ldc:~# arping 192.168.6.254
ARPING 192.168.6.254
60 bytes from ab:cd:ef:01:23:45 (192.168.6.254): index=0 time=256.062 usec
^C
--- 192.168.6.254 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered (0 extra)

ldc:~# arping 192.168.7.254
ARPING 192.168.7.254
60 bytes from ab:cd:ef:01:23:45 (192.168.7.254): index=0 time=211.954 usec
^C
--- 192.168.7.254 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered (0 extra)

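Of course L3 is not forwarded, but I would still like to solve this… can anyone help me?

Never mind, I found the solution:

It was an arp_ignore issue: ( echo 1 > /proc/sys/net/ipv4/conf/eth0.1/arp_ignore since I receive the who-has requests from vlan1)

IMHO this should be the default behavior…

Thanks again.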

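By default, Linux installations implement something called the "weak end host" model, accepting packets addressed to any of their addresses on any interface. If it is only ARP that bothers you, you should use the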

net.ipv4.conf.<interface>.arp_filter

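tunable. For other kinds of IP traffic, consider setting up appropriate netfilter rules for ingress filtering and/or enabling net.ipv4.conf.<interface>.rp_filter (not sure whether Debian does not do this by default)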

Further reading: http://linux-ip.net/html/ether-arp.html#ether-arp-flux-arpfilter
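
As an added example (not part of the original thread): a POSIX shell check that reports, for each interface, the effective arp_ignore, arp_filter and rp_filter values discussed in the answers above. The function names, the verdict labels and the optional directory argument are assumptions of this example; it relies on the kernel applying the larger of conf/all and conf/<interface> for these settings.

```shell
#!/bin/sh
# Added example, not from the original thread: report the effective ARP and
# reverse-path settings per interface. The function names and the optional
# root-directory argument are assumptions made for this example.

# knob_value <root> <iface> <knob>: print the knob's value, or 0 if unreadable.
knob_value() {
    v=$(cat "$1/$2/$3" 2>/dev/null) || v=0
    echo "${v:-0}"
}

# effective <root> <iface> <knob>: the kernel applies the larger of
# conf/all/<knob> and conf/<iface>/<knob> to traffic received on <iface>.
effective() {
    all=$(knob_value "$1" all "$3")
    own=$(knob_value "$1" "$2" "$3")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_arp [root]: one line per interface. ANY means the interface answers
# who-has requests for addresses configured on other interfaces (arp_ignore 0);
# OWN means replies are limited to addresses on the receiving interface (1 or 2).
audit_arp() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case $ifc in all|default) continue ;; esac
        ign=$(effective "$root" "$ifc" arp_ignore)
        case $ign in
            0)   verdict=ANY ;;
            1|2) verdict=OWN ;;
            *)   verdict=CHECK ;;   # other modes: see the kernel's ip-sysctl documentation
        esac
        echo "$ifc arp_ignore=$ign arp_filter=$(effective "$root" "$ifc" arp_filter)" \
             "rp_filter=$(effective "$root" "$ifc" rp_filter) $verdict"
    done
}

# With no argument this reads the live settings under /proc/sys/net/ipv4/conf.
audit_arp "$@"
```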

Source: https://serverfault.com/questions/486594