Hello,
On Fri, 4 Apr 2003, Martin A. Brown wrote:
> : I�m working in a briding enviroment and i want to be sure that my arp
> : requests outgoing a bridge interface will be hear by only one specific
> : device (because of security reason)
Victor, what about trying something similar to the example
in the ebtables docs:
ebtables -t nat -A PREROUTING -d ff:ff:ff:ff:ff:ff -i eth0 -j dnat --to-destination
54:44:33:22:11:00
> : are there any way to re-write the ff:ff:ff:ff:ff:ff on this arp request
> : so they appears like a unicast?
>
> I imagine that Julian will jump in here and reply to you, but I thought
> I'd point you to ip arp, an add-on tool Julian has written for iproute2.
>
> http://www.ssi.bg/~ja/#iparp
iparp can not see these packets (layer 2) but for other
purposes probes can be originated with unicast dst MAC in this way:
ip arp add table output to 1.2.3.4 lldst 00:11:22:33:44:55
> : Do de ip stack understand this "unicast" arp request?
Yes but at MAC level the ARP code cares only for
unicast/broadcast, no matter the actual dst MAC of the received
packet.
Regards
--
Julian Anastasov <[EMAIL PROTECTED]>
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
