Linux
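ARP who-has requests see addresses on different isolated VLANs (single NIC)
I have a Debian host connected through a trunk port on 5 different VLANs. But this host responds to ARP "who-has" requests for all of its different IPs. I would like to understand why…
Here is the network/interfaces file (eth0.1 handles 172.16.1.145/16):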
    auto lo
    iface lo inet loopback

    allow-hotplug eth0
    iface eth0 inet manual

    auto eth0.1
    iface eth0.1 inet dhcp

    auto eth0.10
    iface eth0.10 inet static
        address 192.168.10.254
        netmask 255.255.255.0

    auto eth0.6
    iface eth0.6 inet static
        address 192.168.6.254
        netmask 255.255.255.0

    auto eth0.7
    iface eth0.7 inet static
        address 192.168.7.254
        netmask 255.255.255.0

    auto eth0.2
    iface eth0.2 inet static
        address 0.0.0.0
        netmask 0.0.0.0
Here is the output of the different ARP requests made from ldc (172.16.1.50/16) on the vlan1 broadcast domain:
    ldc:~# arping 172.16.1.145
    ARPING 172.16.1.145
    60 bytes from ab:cd:ef:01:23:45 (172.16.1.145): index=0 time=193.119 usec
    ^C
    --- 172.16.1.145 statistics ---
    1 packets transmitted, 1 packets received, 0% unanswered (0 extra)

    ldc:~# arping 192.168.10.254
    ARPING 192.168.10.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.10.254): index=0 time=221.014 usec
    ^C
    --- 192.168.10.254 statistics ---
    1 packets transmitted, 1 packets received, 0% unanswered (0 extra)

    ldc:~# arping 192.168.6.254
    ARPING 192.168.6.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.6.254): index=0 time=256.062 usec
    ^C
    --- 192.168.6.254 statistics ---
    1 packets transmitted, 1 packets received, 0% unanswered (0 extra)

    ldc:~# arping 192.168.7.254
    ARPING 192.168.7.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.7.254): index=0 time=211.954 usec
    ^C
    --- 192.168.7.254 statistics ---
    1 packets transmitted, 1 packets received, 0% unanswered (0 extra)
Of course L3 is not forwarded, but I would still like to fix this… Can anyone help me?
Never mind, I found the solution:
It was an arp_ignore issue :(
echo 1 > /proc/sys/net/ipv4/conf/eth0.1/arp_ignore
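(because I received the who-has requests from vlan1) IMHO, this should be the default behavior…
Thanks again.
By default, Linux installations implement something called the "weak end host" model, accepting packets to all of their addresses on any interface. If it is only ARP that bothers you, you should use the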
net.ipv4.conf.<interface>.arp_filter
tunable. For other types of IP traffic, consider setting up appropriate netfilter rules for ingress filtering and/or enabling
net.ipv4.conf.<interface>.rp_filter
(I don't know whether Debian isn't doing this by default). Further reading: http://linux-ip.net/html/ether-arp.html#ether-arp-flux-arpfilter
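
An audit for the arp_ignore setting discussed in the answers above, as an added example that is not part of the original posts. The function names and the sample tree are constructed for illustration; the rule that the kernel uses the larger of conf/all and conf/<interface> is taken from the kernel's ip-sysctl documentation.

```shell
#!/bin/sh
# Added example (not from the original posts): list interfaces that still
# answer ARP for addresses configured on other interfaces.
# The kernel applies max(conf/all/arp_ignore, conf/<iface>/arp_ignore).

# read_knob ROOT IFACE KNOB: print the knob's value, or 0 if unreadable
read_knob() {
    f="$1/net/ipv4/conf/$2/$3"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# effective_arp_ignore ROOT IFACE: print the value the kernel will use
effective_arp_ignore() {
    all=$(read_knob "$1" all arp_ignore)
    own=$(read_knob "$1" "$2" arp_ignore)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# weak_arp_ifaces ROOT: print each interface whose effective value is 0
weak_arp_ifaces() {
    for d in "$1"/net/ipv4/conf/*; do
        [ -d "$d" ] || continue
        i=${d##*/}
        case "$i" in all|default|lo) continue ;; esac
        [ "$(effective_arp_ignore "$1" "$i")" -eq 0 ] && echo "$i"
    done
    return 0
}

# make_sample_tree DIR: constructed sysctl tree with the question's
# interfaces, where only eth0.1 has been set to 1 as in the self-answer
make_sample_tree() {
    for i in all default lo eth0 eth0.1 eth0.2 eth0.6 eth0.7 eth0.10; do
        mkdir -p "$1/net/ipv4/conf/$i"
        echo 0 > "$1/net/ipv4/conf/$i/arp_ignore"
    done
    echo 1 > "$1/net/ipv4/conf/eth0.1/arp_ignore"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
weak_arp_ifaces "$demo"   # eth0 and eth0.2/.6/.7/.10 remain at 0
rm -rf "$demo"
```

On a live host, call `weak_arp_ifaces /proc/sys` instead of using the sample tree.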