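I have a Debian host connected through a trunk port carrying 5 different VLANs. But this host answers ARP "who-has" requests for all of their different IPs. I would like to understand why...
Here is the network/interfaces file (eth0.1 handles 172.16.1.145/16):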
    auto lo
    iface lo inet loopback

    allow-hotplug eth0
    iface eth0 inet manual

    auto eth0.1
    iface eth0.1 inet dhcp

    auto eth0.10
    iface eth0.10 inet static
        address 192.168.10.254
        netmask 255.255.255.0

    auto eth0.6
    iface eth0.6 inet static
        address 192.168.6.254
        netmask 255.255.255.0

    auto eth0.7
    iface eth0.7 inet static
        address 192.168.7.254
        netmask 255.255.255.0

    auto eth0.2
    iface eth0.2 inet static
        address 0.0.0.0
        netmask 0.0.0.0
Here is the output of the different ARP requests issued by ldc (172.16.1.50/16) on the VLAN 1 broadcast domain:
    ldc:~# arping 172.16.1.145
    ARPING 172.16.1.145
    60 bytes from ab:cd:ef:01:23:45 (172.16.1.145): index=0 time=193.119 usec
    ^C
    --- 172.16.1.145 statistics ---
    1 packets transmitted,1 packets received,0% unanswered (0 extra)

    ldc:~# arping 192.168.10.254
    ARPING 192.168.10.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.10.254): index=0 time=221.014 usec
    ^C
    --- 192.168.10.254 statistics ---
    1 packets transmitted,0% unanswered (0 extra)

    ldc:~# arping 192.168.6.254
    ARPING 192.168.6.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.6.254): index=0 time=256.062 usec
    ^C
    --- 192.168.6.254 statistics ---
    1 packets transmitted,0% unanswered (0 extra)

    ldc:~# arping 192.168.7.254
    ARPING 192.168.7.254
    60 bytes from ab:cd:ef:01:23:45 (192.168.7.254): index=0 time=211.954 usec
    ^C
    --- 192.168.7.254 statistics ---
    1 packets transmitted,0% unanswered (0 extra)
Certainly L3 is not being forwarded, but I would like to fix this...
Can anyone help me?
Solution
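By default, Linux installations implement what is called the "weak end host" model, accepting packets for all addresses on any interface. If it is just ARP bothering you, you should enable ARP filtering by using the net.ipv4.conf.<interface>.arp_filter tunable. For other types of IP traffic, consider setting up appropriate netfilter rules for ingress filtering and/or enabling net.ipv4.conf.<interface>.rp_filter (not sure whether Debian does this by default).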
Further reading: http://linux-ip.net/html/ether-arp.html#ether-arp-flux-arpfilter
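
An added example (not part of the original answer): a shell function that reports, per interface, the effective value of the two tunables the answer names, arp_filter and rp_filter, plus the related kernel tunable arp_ignore, which the answer does not mention. The function names and the optional root-directory argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the ARP and reverse-path tunables per interface.
# The optional root argument is an assumption of this example; the live
# tree is /proc/sys/net/ipv4/conf.

# Print the value stored in file $1, or 0 if the file is missing.
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# The kernel combines conf/all with conf/<interface>: arp_filter is on when
# either is set, rp_filter and arp_ignore use the larger value. Taking the
# maximum covers all three.
effective() {   # $1 = conf root, $2 = interface, $3 = tunable
    a=$(read_val "$1/all/$3")
    i=$(read_val "$1/$2/$3")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# One line per interface: name, effective values, then flags ("-" = none).
audit_arp_flux() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case "$ifc" in all|default|lo) continue ;; esac
        af=$(effective "$root" "$ifc" arp_filter)
        ai=$(effective "$root" "$ifc" arp_ignore)
        rp=$(effective "$root" "$ifc" rp_filter)
        flags=""
        # Neither ARP control set: replies are sent for any local address.
        if [ "$af" -eq 0 ] && [ "$ai" -eq 0 ]; then flags="$flags ARP_ANY"; fi
        # rp_filter=0: no reverse-path validation of incoming IP packets.
        if [ "$rp" -eq 0 ]; then flags="$flags RP_OFF"; fi
        echo "$ifc arp_filter=$af arp_ignore=$ai rp_filter=$rp${flags:- -}"
    done
}

# With no argument this reads the live host's settings.
audit_arp_flux "$@"
```

A "-" in the last column only means that neither flag fired; it does not by itself prove that ARP replies are confined to the interface that owns the address.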