Bug 138758
Summary: | ARP setting from command line accept but not work. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jevgeni Maksimov <mev> |
Component: | net-tools | Assignee: | Radek Vokál <rvokal> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-11-12 07:51:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jevgeni Maksimov
2004-11-11 00:22:29 UTC
Hi, well firstly I'm not completely sure what are you trying to achieve? You can't set local IP adress with ARP and the correct way to do this is using ifup for the device. This is propably not a bug. On machine where FC3 configured as GATEWAY for users in my network which used non local IP(192.168.*.*) but external IP's. And I trying to control to block not authorised IP to access to Internet. I use for it for allowed IP's arp -v -n -a -s 80.66.239.22 00:40:4A:06:41:7A arp -v -n -a -s 80.66.239.23 00:80:EA:08:11:EE arp -v -n -a -s 80.66.239.24 00:40:6A:0A:A1:EA For other IP's which not used but present in my network I use secret MAC combination, for example: arp -v -n -a -s 80.66.239.25 AA:BB:AA:BB:BB:BB arp -v -n -a -s 80.66.239.26 AA:BB:AA:BB:BB:BB arp -v -n -a -s 80.66.239.27 AA:BB:AA:BB:BB:BB And this accepted but not work!!! If user write to itself, IP 80.66.239.27 which in ARP table with MAC AA:BB:AA:BB:BB:BB, but his network card have realy MAC 00:C0:26:DD:31:F0 This user stay to use Internet. Bug in iputils? Well I think you're trying a really strange way to do this. I would suppose to use iptables (check man page for mac and mac_source) which will do this job for you 100times better. I'm not completely sure whether this is a bug or not, but IMHO arp works correctly and it's only about the way how kernel is using arp cache and arp table. While arp reponds with arp: SIOCSARP() the mac adress is for sure set in the table but propably kernel rewrites it back when receives certain packets from the other machine. |