ARP and IPTables!!

vishamr2000 · 01-30-2006, 12:50 PM

Hi to all,

I wanted to know if there is a way of relaying (forwarding) ARP requests and replies using iptables. What rule can I use?

Regards,
Visham

ichrispa · 01-31-2006, 06:22 AM

Rule is foreward or nat. NAT requres the iptables ip module to be loaded.

Redirection over NAT appears to b protocol independent (at least as far as subprotocols of IP are concerned). Search the manpages if iptables support the opition "--protocol arp"

vishamr2000 · 01-31-2006, 11:28 PM

Hi to all,

I did check the manpages for iptables but didn't find it.Do you know of any ways in which I can filter arp packets using iptables? I don't want to use ebtables to do that because I will have to convert the firewall into a bridge as well.

Any help will be very much appreciated..

Warm regards,
Visham

dudulz · 02-01-2006, 01:38 AM

I suggess you must compile your kernel again with support ARP Filtering in Network Option.

vishamr2000 · 02-02-2006, 12:24 AM

Hi,

I did compile the kernel with the Arptables support but it supports only INPUT and OUTPUT chains. I need to forward arp replies which have had their destination mac address modified. The forwarding will make the arp packets go to their real destination based on target ip address.

How can I do that? I know that we can use the br_nf option to forward arp packets but the PC has to be set up as a bridgefirewall, which I don't want..

Is there any other way?

Many thx for the replies..

Warm regards,
Visham

vishamr2000 · 02-04-2006, 12:20 AM

Hi to all,

I compiled a 2.6.13 kernel (using RH9) with all the options regarding ARP filtering in Network options. But I still can't use commands like arptables -A IN -j DROP. It gives me an error. When I try man arptables, it tells me it's not found.

Do I have to do something more (install some userspace program or sth) to get it to work? Is the mere selection of the ARP kernel options not sufficient?

Any help will be very much appreciated..

Warm regards,
Visham