# As can I disable arp request?

## geaaru

On eth0 interface I use freeradius and a pppoe server and eth0 haven't ip addres.

```

eth0    Link encap:Ethernet  HWaddr 00:0x:xx:xx:xx:xx

          inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link

          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:4136 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:388327 (379.2 Kb)  TX bytes:956494 (934.0 Kb)

```

However with ethereal I see that this interface send a arp-request like this

    Who has 0.0.0.0? Gratiutous ARP.

As can I disable these arp request.

PRE: I'm under XEN SO but eth0 is on dom-0 and MAC of request is eth0 not eth0 on dom-2;

I try different solutions:

1) With ebtables:

```

$EBTABLES -P INPUT DROP

$EBTABLES -P OUTPUT DROP

$EBTABLES -P FORWARD DROP

for i in $OTHER_IFACE

        do

        echo -n "Enable $i interface..."

        $EBTABLES -A INPUT -i $i -p arp -j ACCEPT

        $EBTABLES -A INPUT -i $i -p ipv4 -j ACCEPT

        $EBTABLES -A OUTPUT -o $i -p arp -j ACCEPT

        $EBTABLES -A OUTPUT -o $i -p ipv4 -j ACCEPT

        $EBTABLES -A FORWARD -o $i -p ipv4 -j ACCEPT

        $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT

        $EBTABLES -t nat -A POSTROUTING -o $i -p arp -j ACCEPT

        $EBTABLES -t nat -A POSTROUTING -o $i -p ipv4 -j ACCEPT

        $EBTABLES -t nat -A OUTPUT -o $i -p arp -j ACCEPT

        $EBTABLES -t nat -A OUTPUT -o $i -p ipv4 -j ACCEPT

        $EBTABLES -t nat -A PREROUTING -i $i -p arp -j ACCEPT

        $EBTABLES -t nat -A PREROUTING -i $i -p ipv4 -j ACCEPT

        echo "done."

        done;

# Rules for adsl clients interface

$EBTABLES -A INPUT -i eth0 -p ipv4 -j ACCEPT

$EBTABLES -A OUTPUT -o eth0 -p ipv4 -j ACCEPT

$EBTABLES -A FORWARD -o eth0 -p ipv4 -j ACCEPT

$EBTABLES -t nat -A PREROUTING -i eth0 -p ipv4 -j ACCEPT

$EBTABLES -t nat -A POSTROUTING -o eth0 -p ipv4 -j ACCEPT

$EBTABLES -t nat -A OUTPUT -o eth0 -p ipv4 -j ACCEPT

```

Also with these rules there are are request to 0.0.0.0. Also if I have disabled all packet on eth0!!!!!! 

2) ifconfig eth0 0.0.0.0 -arp

Nothings.

3) ip link set eth0 arp off

Nothings.

What can I do?

Thanks for your help.

----------

## Kruegi

 *geaaru wrote:*   

> On eth0 interface I use freeradius and a pppoe server and eth0 haven't ip addres.

 

And how are you using the servers?

 *geaaru wrote:*   

> 
> 
> ```
> 
> $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT
> ...

 

ARP can not be routed (only bridged), so some of your rules don't make sense.

Thomas

----------

## geaaru

 *Kruegi wrote:*   

> 
> 
> And how are you using the servers?
> 
> 

 

I use pppoe server and Point-to-Point protocols doesn't use arp protocol. A client (for example) that use rp-pppoe send a packet PADI for a request of connection and server PPPoE reply with PADO and etc. Eth0 in this case is only a shared point of connection for clients without a IP.

 *Kruegi wrote:*   

> 
> 
> ```
> 
> $EBTABLES -A FORWARD -o $i -p arp -j ACCEPT
> ...

 

This rules are for enables arp protocol on interfaces != eth0. While on eth0 I want disable arp protocol because a client does not have to see eth0 as an ethernet interface.

----------

## MrUlterior

Not sure if this will do it, but have you tried:

```

echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_announce

```

replacing eth0 with the correct interface?

----------

## geaaru

arp_ announce it's already to 0, as arp_filter, as arp_ignore.

----------

## geaaru

Maybe there is a problem with xen:

```

testing_xen ~ # mii-tool

SIOCGMIIPHY on 'eth0' failed: Operation not supported

eth1: negotiated 100baseTx-FD flow-control, link ok

testing_xen ~ # ethtool eth0

Settings for eth0:

No data available

```

With mii-tool I can't read eth0, while is unload module of eth0 and the reload module e1000 there is a new interface eth2 that mii-tool see correctly. While eth0 had always same error message. I don't know!  :Question: 

On another abnormal of this system is that if I see traffic with ethereal from a client see arp request, while from ethereal on server I can't see arp request!   :Shocked: 

----------

