On Mon, Dec 06, 1999 at 02:30:35AM +0100, Ralf G. R. Bergs wrote:
> On Mon, 06 Dec 1999 10:37:31 +1100, Angus Lees wrote:
> >ARP uses ARP, not ICMP (assuming ipv4..)
> >it happens at an ethernet broadcast level - any IP firewalling stuff
> >never gets to see it
>
> I see. Let me try to clarify this to see whether I've understood it: arp
> happens on a level *below* IP. Therefore arp PASSES my firewall, right?

arp happens at the level below IP, therefore arp is _never_ forwarded by
your firewall

arp packets (and their replies) stay on the ethernet broadcast network
they were sent to. (which is a recursive definition, since this is also
how the "ethernet broadcast network" is defined - but i think you
understand what i mean)

do a "tcpdump arp" and "/usr/sbin/arp -a" and see what your networks
look like from an ethernet hardware level

-- 
 - Gus
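The layering described in this message, as an added example that is not part of the original post: a small Ethernet/ARP decoder showing that ARP is selected by EtherType 0x0806 and so never reaches code that only handles IPv4 (0x0800). The frames, MAC and IP addresses are constructed, and `visible_to_ip_filter` is a hypothetical, simplified model of an IP-layer filter.

```python
import socket
import struct

ETH_P_IP, ETH_P_ARP = 0x0800, 0x0806          # EtherType values
BROADCAST = b"\xff" * 6

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload (28 bytes)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, ETH_P_IP, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": {1: "request", 2: "reply"}.get(oper, oper),
            "sender": (mac(sha), socket.inet_ntoa(spa)),
            "target": (mac(tha), socket.inet_ntoa(tpa))}

def classify(frame):
    """Return (protocol, detail) chosen by the EtherType field alone."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_P_ARP:
        return "arp", parse_arp(frame[14:])
    if ethertype == ETH_P_IP and len(frame) >= 34:
        # IPv4 source/destination sit at offsets 12 and 16 of the IP header
        return "ip", (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))
    return "other", hex(ethertype)

def visible_to_ip_filter(frames):
    """Hypothetical model: an IP-layer filter is only handed IPv4 frames."""
    return [d for p, d in map(classify, frames) if p == "ip"]

# Constructed sample frames (not captured traffic).
HOST_MAC, GW_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("020000000001")
ARP_REQUEST = struct.pack("!6s6sH", BROADCAST, HOST_MAC, ETH_P_ARP) + struct.pack(
    "!HHBBH6s4s6s4s", 1, ETH_P_IP, 6, 4, 1, HOST_MAC,
    socket.inet_aton("192.168.1.10"), b"\x00" * 6, socket.inet_aton("192.168.1.1"))
IP_PACKET = struct.pack("!6s6sH", GW_MAC, HOST_MAC, ETH_P_IP) + struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,   # checksum left at 0
    socket.inet_aton("192.168.1.10"), socket.inet_aton("10.0.0.5"))

if __name__ == "__main__":
    for frame in (ARP_REQUEST, IP_PACKET):
        print(classify(frame))
    print("seen by IP filter:", visible_to_ip_filter([ARP_REQUEST, IP_PACKET]))
```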

