Score:0

Limit ARP to gateway IP only


My current network setup is as follows

auto lo
iface lo inet loopback
    dns-nameservers 8.8.8.8 8.8.4.4

auto eth0
iface eth0 inet static
    address 104.244.72.242/32
    gateway 107.189.30.113
    pointopoint 107.189.30.113
    netmask 255.255.255.255

I was having an issue before where ARP would end up connecting to 104.244.72.1, causing issues. I fixed that by adding

net.ipv4.conf.all.arp_announce=1
net.ipv4.conf.all.arp_ignore=2

arp now connects/returns only to

Address                  HWtype  HWaddress           Flags Mask            Iface
107.189.30.113           ether   00:16:cd:0b:1e:7c   C                     eth0
107.189.30.1             ether   0c:81:26:30:b8:78   C                     eth0

However, this is still causing issues. How can I get it to only connect to 107.189.30.113?

To add, this environment is from within a nested virtual machine. The Proxmox node network is as follows:

auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
    address 107.189.30.113/24
    gateway 107.189.30.1
    bridge-ports ens3
    bridge-stp off
    bridge-fd 0
    post-up ip route add 104.244.72.242/32 dev vmbr0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

The host I am with does do MAC filtering. I am trying to next-hop the connection.

Michael Hampton
If you are stuck with MAC filtering, use 1:1 NAT instead.
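The 1:1 NAT alternative from the comment above, worked through for this question's addressing as an added example (not the commenter's or the asker's configuration): the Proxmox host owns 104.244.72.242 on vmbr0 and translates it to an inner VM on a private bridge, so the upstream only ever sees the host's MAC and the inner VM needs no pointopoint or proxy_arp setup. The internal bridge name vmbr1 and the 10.10.10.0/24 range are constructed assumptions.

```nft
# Added example: 1:1 NAT on the Proxmox host (nftables ruleset, load with `nft -f`).
# Assumed host-side prerequisites (constructed, not from the question):
#   - the public IP now lives on the host, so upstream ARP for it is
#     answered by the host's own MAC (the proxy_arp post-up is no longer needed):
#       ip addr add 104.244.72.242/32 dev vmbr0
#   - an internal bridge vmbr1 carrying 10.10.10.1/24 on the host, with the
#     inner VM on 10.10.10.2/24 using 10.10.10.1 as its default gateway
#   - net.ipv4.ip_forward=1 (already set in the question's post-up)

table ip nat_1to1 {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Inbound: anything arriving for the public address is handed to the VM.
        iifname "vmbr0" ip daddr 104.244.72.242 dnat to 10.10.10.2
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outbound: the VM's traffic leaves with the public address as source.
        oifname "vmbr0" ip saddr 10.10.10.2 snat to 104.244.72.242
    }
}

table inet filter {
    chain forward {
        # Default-deny forwarding; only the translated VM flows are allowed.
        type filter hook forward priority filter; policy drop;
        # Reply traffic for flows that already passed in either direction.
        ct state established,related accept
        # VM-initiated traffic out to the upstream.
        iifname "vmbr1" oifname "vmbr0" ip saddr 10.10.10.2 accept
        # New inbound flows to the VM (already DNATed before the forward hook).
        iifname "vmbr0" oifname "vmbr1" ip daddr 10.10.10.2 accept
    }
}
```

The forward chain's drop policy applies to every bridge on the host, so on a node with other VMs the accept rules need widening before loading.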
Score:0

Depending on your environment, I think you might want to look into how to limit access to and from your system with a local endpoint firewall.

I would consider ufw, iptables, ipfilter or similar, depending on which Linux / BSD / Unix flavor you have installed.

Also, arp may not be the source of your issues. You should probably look at your routing table. You do not describe the nature of your issues, hence it is not easy to lead you to a solution.

Harmonytalk
What outputs should I add?
Sven
I am not sure what you mean by that question. You should choose an appropriate firewall for your system. When installed, you must create allow rules for all the traffic you want to pass to and from your system, and deny everything else.
Harmonytalk
I have created firewall settings to block `107.189.30.1` on the nested virtual machine. It still shows up on arp and I can't ping `107.189.30.1`.
Harmonytalk
Added a bit more info about the environment hope it helps.
Sven
Could you please explain what you are trying to fix? What issues are you running into?
Harmonytalk
The network works on boot but shortly after it stops. This always happened when `104.244.72.1` was displayed; it sometimes happens when arp shows `107.189.30.1`, but it comes and goes every 15-30 minutes.
Sven
Ah, nested VM in a Proxmox environment. That's key information and opens a whole new can of worms.
Sven
It looks like you are trying to use the Proxmox bridged interface as your default gw for the "inner VM"? And this is configured to be a p2p interface. But the "inner VM" displays ARP entries from the "outer VM's" network environment. Makes sense, since this is a bridged adapter. I have never looked into nested VMs before. Have you tried to just configure a 107.189.30.X address on the inner VM, remove the p2p config and use a /24 netmask, with the .1 address as the default gw?
Harmonytalk
Yes, I have. Ping returns `Reply from 107.189.0.1: TTL expired in transit.` The packets need to come from `00:16:cd:0b:1e:7c`; just setting the VM MAC to that doesn't seem to do anything.