LinuxQuestions.org
Old 08-08-2017, 06:52 PM   #1
papymuzo
LQ Newbie
 
Registered: Aug 2017
Posts: 4

Linux, disable L2 forwarding


I have a Linux server with two Ethernet interfaces. ETH0 is connected to LAN. I'd like to use ETH1 as port for a packet generator. I disabled IP forwarding but still I get all broadcasts (DHCP, SSDP, ...) forwarded on eth1. I'd like to stop all this routing process and get a fully LAN-isolated eth1. How can I achieve that?
 
Old 08-08-2017, 09:51 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,734

More info would be useful here. Are the two interfaces bridged? IP addressing? Routing tables?
 
Old 08-09-2017, 12:07 PM   #3
papymuzo
LQ Newbie
 
Registered: Aug 2017
Posts: 4

Original Poster
1. Interfaces are fully independent. No bridge. No IP forwarding enabled. No route to eth1.
2. eth0 is connected to the Co. LAN as DHCP. It gets an IP and is used as main network connection.
3. eth1 does not have an IP attached. It is connected, point-to-point to a to-be-tested equipment NIC port.
4. A Linux application sends L2 packets on eth1. These packets are received, checked and counted on to-be-tested equipment.

If I send 1000 L2 packets I may get more than 1000 at the other end because the Linux network stack sends all L2 broadcasts it gets on all active (UP) network ports, except the one on which it received the broadcast. I am looking to stop this behavior to get no more packets than I send.

Thanks.

eth0 Link encap:Ethernet HWaddr 10:98:36:af:9c:0f
inet addr:192.168.x.xx Bcast:192.168.3.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10098937 errors:0 dropped:0 overruns:0 frame:0
TX packets:4261959 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1218927346 (1.2 GB) TX bytes:5497079394 (5.4 GB)
Interrupt:16

eth1 Link encap:Ethernet HWaddr 10:98:36:af:9c:10
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:4575 errors:0 dropped:0 overruns:0 frame:0
TX packets:2479736 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1053329 (1.0 MB) TX bytes:644095814 (644.0 MB)
Interrupt:17
 
Old 08-09-2017, 09:18 PM   #4
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,734

I would expect that the packet generation tool would allow you to explicitly set the interface for sending/receiving packets? (For example Nping has -e, --interface <name> : Use supplied network interface.) Maybe you should advise us which utility is being used here.
 
Old 08-10-2017, 10:22 AM   #5
papymuzo
LQ Newbie
 
Registered: Aug 2017
Posts: 4

Original Poster
I am using "http://netsniff-ng.org/" which is a collection of network tools. Particularly I use "mausezahn" invoked with "mz". This tool can generate broadcast L2 packets. If you are curious, here is a help page: "http://www.perihel.at/sec/mz/". It is a bit old...

Yes, the tool needs to know on what interface to send the packets "mz eth1 -c 10 ...."
 
Old 08-10-2017, 07:32 PM   #6
papymuzo
LQ Newbie
 
Registered: Aug 2017
Posts: 4

Original Poster
Fixed the problem by adding two rules to iptables:

iptables -A FORWARD -m pkttype --pkt-type broadcast -i eth1 -j DROP
iptables -A INPUT -m pkttype --pkt-type broadcast -i eth1 -j DROP

Iptables is now:

iptables -L -v
Chain INPUT (policy ACCEPT 54446 packets, 5132K bytes)
pkts bytes target prot opt in out source destination
123 40344 DROP all -- eth1 any anywhere anywhere PKTTYPE = broadcast

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 any anywhere anywhere PKTTYPE = broadcast

Chain OUTPUT (policy ACCEPT 8072 packets, 3990K bytes)
pkts bytes target prot opt in out source destination

Thanks all for help.
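
A way to check the rule listing above from a script, as an added example that is not part of the original thread: it reads `iptables -L -v` output and reports, per chain, the hit counter of each broadcast DROP rule on one interface, and which of INPUT/FORWARD lack such a rule. The function names are hypothetical and the sample input is the listing from the post; `-i eth1` in the rules matches packets arriving on eth1.

```shell
#!/bin/sh
# Added example (not from the thread): summarise broadcast DROP rules for
# one interface from `iptables -L -v` output read on stdin.
# Output: one line per matching rule, "<chain> <pkts>".
bcast_drop_hits() {
    iface="$1"
    awk -v ifc="$iface" '
        $1 == "Chain" { chain = $2; next }
        # Rule rows: pkts bytes target prot opt in out source destination [match]
        $3 == "DROP" && $6 == ifc && /PKTTYPE = broadcast/ { print chain, $1 }
    '
}

# Print the chains (INPUT and FORWARD, the two the post adds rules to)
# that have no broadcast DROP rule for the interface.
missing_bcast_drop() {
    iface="$1"
    hits=$(bcast_drop_hits "$iface")
    for chain in INPUT FORWARD; do
        printf '%s\n' "$hits" | grep -q "^$chain " || printf '%s\n' "$chain"
    done
}

# Sample input: the listing from the post above, embedded so this runs offline.
SAMPLE='Chain INPUT (policy ACCEPT 54446 packets, 5132K bytes)
pkts bytes target prot opt in out source destination
123 40344 DROP all -- eth1 any anywhere anywhere PKTTYPE = broadcast

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 any anywhere anywhere PKTTYPE = broadcast

Chain OUTPUT (policy ACCEPT 8072 packets, 3990K bytes)
pkts bytes target prot opt in out source destination'

# Prints "INPUT 123" and "FORWARD 0" for the sample.
printf '%s\n' "$SAMPLE" | bcast_drop_hits eth1
```

On a live host, pipe `iptables -L -v -n -x` into the functions as root; `-x` prints exact counters instead of abbreviated ones such as 54K.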
 
  

