[VLAN] VLAN issue - other IP's discovered across VLANS


Just one more question.
In Vlan version history it mentions support for changing MAC. Is that 
recommended to tighten security?
If I apply arp filter on the MAC address, will that not affect all interfaces?
I have also not found a good example of changing MAC in virtual interfaces 
with the vconfig command.


On Friday 10 November 2006 01:31, Peter Stuge wrote:
> On Thu, Nov 09, 2006 at 11:04:19PM +0100, Frode Marton Meling wrote:
> > Hello
> > I have a server setup with the following network config:
> >
> > Default	eth0		-
> > GW:
> > VLAN2	eth0.2	-
> > VLAN3	eth0.3	-
> > VLAN4	eth0.4	-
> >
> > The reason for this is that I run VMWare server and the other VLANS
> > are used by the VMWare server. Without setting any IP, I got
> > errors..
> That should not happen. It's perfectly legal to not have an IP
> address configured on an interface, and if you're bridging it may
> even interfere.
> > I have a VLAN trunk from my HP-managed switch. All VLANS tagged
> > except Default VLAN (I have tried this with tagging on Default
> > VLAN also).
> Default VLAN or the native VLAN is untagged by definition, right?
> > If I add my linux desktop to VLAN4 and do a netdiscover, it will
> > find the (I can not access it, but since it is
> > detectable from outside, it is a risk).
> I'm not sure I agree with your risk analysis, but let's stick to the
> point:
> netdiscover floods ARP requests for all private IP addresses. Your
> Linux VLAN box replies even though the request is coming in on an
> interface with a different address than the one in the request. Linux
> does this by default.
> Read more about rp_filter and arp_filter in
> /usr/src/linux/Documentation/networking/ip-sysctl.txt or consider
> implementing firewall rules to ensure your system behaves as
> intended.
> Hope this helps!
> //Peter
> _______________________________________________
> Vlan mailing list
> Vlan@xxxxxxxxxxxxxxx
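
Added example, not part of the thread: a shell check that reports, for each VLAN sub-interface, the effective values of the `arp_filter` and `rp_filter` sysctls named in the quoted reply, and whether the interface will still answer ARP requests for addresses on other interfaces. It also reads `arp_ignore`, which the thread does not mention but which is documented in the same ip-sysctl.txt; `CONF_ROOT` and the function names are this example's own.

```shell
#!/bin/sh
# Added example: per-interface view of the ARP/rp_filter sysctls.
# CONF_ROOT and all function names are this example's own; CONF_ROOT can
# point at a constructed directory tree for offline testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one knob for one interface; a missing or unreadable file counts as 0.
read_knob() {
    cat "$CONF_ROOT/$1/$2" 2>/dev/null || echo 0
}

# The kernel combines conf/all and conf/<iface>: the larger value is used for
# arp_ignore and rp_filter, and arp_filter is on if either one is set, so
# taking the maximum gives the effective value for all three.
effective_knob() {
    all=$(read_knob all "$2")
    own=$(read_knob "$1" "$2")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# With arp_filter=0 and arp_ignore=0 (the defaults) the interface answers ARP
# requests for any local address, including those of other interfaces.
arp_scope() {
    f=$(effective_knob "$1" arp_filter)
    i=$(effective_knob "$1" arp_ignore)
    if [ "$f" -eq 0 ] && [ "$i" -eq 0 ]; then
        echo "answers-for-any-local-ip"
    else
        echo "restricted"
    fi
}

# One report line per VLAN sub-interface (names of the form eth0.2).
audit_vlans() {
    for d in "$CONF_ROOT"/*.*; do
        [ -d "$d" ] || continue
        n=${d##*/}
        echo "$n arp_filter=$(effective_knob "$n" arp_filter)" \
             "arp_ignore=$(effective_knob "$n" arp_ignore)" \
             "rp_filter=$(effective_knob "$n" rp_filter) $(arp_scope "$n")"
    done
    return 0
}

audit_vlans
```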
