RE: using sysctl.conf to set hidden interfaces

[Ryan Hulsker <rhulsker@xxxxxxxxxxxxxxxxx>]

>> net.ipv4.conf.all.hidden = 1
>> net.ipv4.conf.default.hidden = 1
>>
>>      These seem to do it for me.  The default for any new interfaces coming
>> up is to make them hidden, which means all your interfaces are always hidden
>> including lo.  This is not ideal, but I have yet to see it cause a problem
>> in my configuration.  Can anyone think of any reason why this is not a good
>> idea?
>
> even your normal eth0 and lo?  doesn't that cause problems?  eth0 would
> need to respond to arps to get any traffic, no?

        You know, this did cross my mind when I did it, I was actually quite suprised that it worked.  But uppon further reflection i think I know the reason that it works.  I rebuilt all of my real servers and configured them as above. I also reconfigured the LVS machine, but never had to reboot it.  I see that it has entries for all of the web servers in its arp table, but I fear that if I where to reboot the LVS machine, or clear its arp cache, the system would no longer work.

        I am going to clear the arp cache on this machine tonight, after the developers and QA leave, and see what happens.

        The other thing that I came across (or rather remembered) is that you can give ifconfig a "-arp" arg, this turns on "NO ARP" on the interface.  This appears to work on the loopback interface.  Does this have the same effect as making it a hidden device?

Ryan Hulsker
Unix System Administrator
Service Intelligence.com