> Now, introduce an unpatched 2.4.x kernel. The hidden option no longer exists,
> and for ease of operating a production environment, we prefer to use stock
> kernels straight from kernel.org, no patches at all. I've tried many different
> suggestion from the list:
>
> 1) ifconfig eth0 -arp
It'll make the stack no put any mac addresses into your packets,
which is likely not what you want.
>
> Is there any way to have this work on an unpatched 2.4.x kernel? Any
> documentation/examples for arp_filter, how it works, how it can be implemented
> for this?
arp_filter was not really designed to fix such a br^wweird setup.
It is possible to do it but a bit ugly. Basically you have to express a policy
filter rule/route that matches the outgoing ARP, but not the data and make the arp
route a blackhole route. The kernel unfortunately has no special key to select
ARP, so it has to be expressed in some other way (e.g. mark rules etc.), which is
usually possible, but ugly.
Your problems in (3) is that you asked for ARP to be turned off which
obviously breaks things if noone else (like your load balancing monstrosity) does
the ARP for you. IIRC the hidden guys usually work around this by using a
separate hidden virtual interface and only use that for load balancing purposes.
In the end it gets similarly ugly as the arp_filter setup.
-Andi
P.S.: I would not recommend 2.4.9 unpatched for any production setup.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/