I have an embedded system that I am having some trouble getting the networking up and running on. Here is the configuration in as good a drawing as I can make; for brevity I just put the last octets of the IP configuration. I've been struggling to get this working, so any help is much appreciated.
To understand my picture: anything under the red segment needs to see the PC, and everything in the blue segment needs to see the controller at the far right with the 199 address. The problem is that the 199 is duplicated along every one of these paths, so I don't want the PC to see it. Right now *MOST* everything works. However, there is one failure that I cannot figure out.
If I start at one of the CPUs (1.1) and ping 1.2, it mostly works but on occasion will fail. It fails, *I THINK*, because the 1.1 does an ARP and one of the other 1.2s responds. I've tried iptables, ebtables, and arptables and have not gotten them to do what I want. Basically, I think all I need to do is, at br0 of 1.1, stop all ARPs that try to go from its eth0. But I can't figure out how.
The exact message I get is:
br0: received packet on eth0 with own address as source address
As a simple experiment I did the following on one of the embedded CPUs (.7):
# arptables -P INPUT DROP      # default policy for ARP addressed to this host
# arptables -P FORWARD DROP    # default policy for ARP passing through the FORWARD chain
# arptables -P OUTPUT DROP     # default policy for ARP this host sends
(kernel log afterwards:) br0: received packet on eth0 with own address as source address
I still get the message; on the other hand, it doesn't seem to break anymore (I realize this completely cuts off ARP on one of the groups).
I used the physdev match of iptables to cut off the 1.X network from the 0.X network (or so I thought), but it seems to have no effect.
# drop anything arriving on bridge port eth0 for this host that is not from 169.254.0.0/24
/sbin/iptables -A INPUT -m physdev --physdev-in eth0 \
    ! -s 169.254.0.0/24 -j DROP
# drop bridged (not routed) traffic headed for 169.254.1.0/24
/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged \
    -d 169.254.1.0/24 -j DROP
I am not married to this approach if there is a better way to do it. This is just what I was able to figure out.
Thanks
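The following is an added example, not code from the original post or from anyone in the thread. It shows what "stop all ARPs coming in from eth0 at br0" looks like as ebtables rules, which (unlike iptables) operate on the bridge ports themselves: the ebtables INPUT chain covers ARP frames arriving on a port and destined for br0's own stack, and the FORWARD chain covers ARP frames being bridged from that port to the other ports. The bridge name br0 and port eth0 come from the post; the address 169.254.1.2 (the "1.2" host, assuming the 169.254.1.0/24 prefix used in the post's rules) and the hypothetical `--apply` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (or, with --apply, installs)
# ebtables rules that drop ARP arriving on one bridge port, optionally only the
# ARP traffic whose sender IP is a given (duplicated) address.
# Assumptions: bridge br0 with port eth0 (from the post); duplicated host
# 169.254.1.2 (assumed); ebtables installed and run as root for --apply.
set -eu

# Print the ebtables commands for a bridge port and a sender IP.
# $1 = bridge port (e.g. eth0), $2 = sender IP to block, or "any" for all ARP.
# --arp-ip-src matches the ARP sender field, so a rule for 169.254.1.2 drops
# both requests sent by the far 1.2 and replies it gives for its own address,
# while still letting requests *for* 1.2 from other hosts through.
arp_block_rules() {
    port=$1
    ip=${2:-any}
    if [ "$ip" = any ]; then
        match="-p ARP -i $port"
    else
        match="-p ARP -i $port --arp-ip-src $ip"
    fi
    # INPUT: ARP from this port aimed at the bridge's own IP stack (br0)
    printf 'ebtables -A INPUT %s -j DROP\n' "$match"
    # FORWARD: ARP from this port that would be bridged out to the other ports
    printf 'ebtables -A FORWARD %s -j DROP\n' "$match"
}

# Run each generated command; only meaningful as root with ebtables present.
apply_rules() {
    arp_block_rules "$@" | while IFS= read -r cmd; do
        sh -c "$cmd"
    done
}

# Default invocation prints the rules for eth0 / 169.254.1.2 so they can be
# reviewed; pass --apply (hypothetical switch of this example) to install them.
case "${1:-}" in
    --apply) apply_rules eth0 169.254.1.2 ;;
    *)       arp_block_rules eth0 169.254.1.2 ;;
esac
```

Verify with `ebtables -L --Lc` after applying; the packet counters on the two rules should climb while the far side's 1.2 keeps answering. Use `arp_block_rules eth0 any` instead if every ARP from that port should be cut off, which is the coarse equivalent of the arptables experiment above but limited to one port rather than the whole host.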