[Bridge] Arp & Bridge

Stephen Hemminger shemminger at linux-foundation.org
Wed Sep 19 08:24:56 PDT 2007


On Wed, 19 Sep 2007 16:32:26 +0200
David Martin <dmartin at mediatvcom.com> wrote:

> Here is my bridge config:
> Let's say br0 contains eth0 and eth1, and the br0 IP address is 192.168.0.10
> 
> For some reasons, I would like to be able to send packets from the bridge
> machine, only via a specific device.
> Thus, I set IP addresses for eth0 and eth1 (let's say 192.168.0.11 and
> 192.168.0.12).
> I know a bridge is not supposed to have IP addresses on the interfaces...
>  ___________________________
> | br0 (192.168.0.10)        |
> |  +--- eth0 (192.168.0.11) ------ ethernet wire ------ 192.168.0.1
> |  +--- eth1 (192.168.0.12) ------ ethernet wire ------ 192.168.0.254
> |___________________________|
> 
> But when I try to send packets from only one device, it does not work.
> i.e.: ping -I eth0 192.168.0.1 gives no response.
> 
> I noticed that ARPs are sent and received by eth1, but they are of course
> received by br0 too.
> So the ARP table is completed for br0 but not for eth1...
> 
> The question is:
> Why does br0 update the ARP table, but eth1 doesn't? How is the ARP table
> updated? eth1 is the one sending the request!
> Is there any means to solve that?

If you need to limit ARP responses, check out the arp_filter sysctl and
stop doing the weirdness with IP addresses.

If you are trying to do some form of security (or ISP workarounds)
investigate using filtering (ebtables) to do it.


-- 
Stephen Hemminger <shemminger at linux-foundation.org>
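
Added example, not part of the original message or of the bridge project: one way to read the arp_filter and ebtables suggestions for the topology in the diagram. It assumes br0 keeps the only IP address and that the goal is to let locally generated traffic for each neighbour leave through one bridge port only; the helper names (run, pin_host, plan) and the APPLY switch are hypothetical, and the addresses are taken from the diagram.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not executed.
# Set APPLY=1 (as root) to actually run them.

BRIDGE_PORTS="eth0 eth1"   # ports enslaved to br0, from the diagram

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# pin_host HOST_IP PORT
# Drop locally generated ARP and IPv4 frames addressed to HOST_IP on every
# bridge port except PORT (ebtables filter table, OUTPUT chain).
pin_host() {
    host=$1
    keep=$2
    for port in $BRIDGE_PORTS; do
        if [ "$port" != "$keep" ]; then
            run ebtables -A OUTPUT -o "$port" -p ARP --arp-ip-dst "$host" -j DROP
            run ebtables -A OUTPUT -o "$port" -p IPv4 --ip-dst "$host" -j DROP
        fi
    done
}

plan() {
    # Answer ARP only on the interface the kernel would route the reply through.
    run sysctl -w net.ipv4.conf.all.arp_filter=1
    # 192.168.0.1 sits behind eth0, 192.168.0.254 behind eth1.
    pin_host 192.168.0.1 eth0
    pin_host 192.168.0.254 eth1
}

plan
```

Review the printed rules against `ebtables -L OUTPUT` before applying; the rules only affect frames originated by the bridge host, not frames forwarded between the two ports.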