using arptables to block ARP

lvs-users

using arptables to block ARP

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	using arptables to block ARP
From:	Kjetil Torgrim Homme <kjetilho@xxxxxxxxxx>
Date:	Thu, 17 Jun 2004 23:50:27 +0200

we're in the process of upgrading our real servers to RHEL 3.0 WS, and
to avoid compiling our own kernel with Julian's hidden patch, I thought
I'd try using the arptables-jf package.

it looked very promising, and seemed to work fine when I tested it.

the rule is very simple:

  arptables -A IN -d 129.240.10.10 -j DROP

(129.240.10.10 is the VIP.)

this happens before the interface is brought up and the aliases added.

but, it doesn't seem fool-proof.  tonight, this host took over the ARP
entry for the VIP.  I have no idea how.  it didn't reboot, only
Perdition was restarted.

does anyone have any experience using arptables?
-- 
Kjetil T.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
using arptables to block ARP, Kjetil Torgrim Homme <= Re: using arptables to block ARP, Joseph Mack Re: using arptables to block ARP, Brett Simpson Re: using arptables to block ARP, Joseph Mack Re: using arptables to block ARP, Brett Simpson Re: using arptables to block ARP, Joseph Mack sync demon, does it transferred RELATED state info too?, Joseph Mack First stable version of LVS, Brett Simpson Re: First stable version of LVS, Joseph Mack Additional method of load balancing not local to LVS., Brett Simpson Re: Additional method of load balancing not local to LVS., Joseph Mack

Previous by Date:	Re: LVS using a real server that is on another network, Joseph Mack
Next by Date:	Re: Wired features LVS in an Open Source related article, Horms
Previous by Thread:	LVS using a real server that is on another network, Brett Simpson
Next by Thread:	Re: using arptables to block ARP, Joseph Mack
Indexes:	[Date] [Thread] [Top] [All Lists]