Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: What arp -s is good for
The Lounge War Stories What arp -s is good for Post 302720819 by bakunin on Wednesday 24th of October 2012 04:26:42 PM
Old 10-24-2012
Quote:
Originally Posted by Neo
a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule.
True - still, this works only if network (the department, not the device) hasn't decided that every network connection, even one on the same subnet, has to go over a switch with firewall capabilities enabled (that is: each and every port blocked per default).

In my last project i had such a network, which is truly a PITA: you won't even get a ping from your default gateway back - but should manage HA-networks over that crap. Usually it took us 2-3 weeks to set up a cluster - 1 hour for installing and configuring it, the rest for filling out the forms required to get the various necessary ports opened in the firewall (which never worked right the first time).

bakunin
Last edited by bakunin; 10-24-2012 at 05:56 PM..
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

ARP address resoluton

How does ARP take care of uniqueness of physical addresses? How does an ISP allocate a MAC address when I do not have an NIC( Network interface Card)? (1 Reply)
Discussion started by: ManishSaxena
1 Replies

2. Solaris

ARP Cache

Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies

3. IP Networking

ARP Req Pkt

Does ARP Request packet Contains MAC Address of dest during broadcast? I found It So... When i captured ARP Req Pkts on ethereal... Rgds -Meti (1 Reply)
Discussion started by: ashokmeti
1 Replies

4. HP-UX

HW Address and arp

I was checking nettl output for a unstable telnet to my server. this is part of output: ### ***********************************STREAMS/UX*******************************@#% Timestamp : Sun Jun 22 EETDST 2008 22:14:47.492899 Process ID : Subsystem ... (4 Replies)
Discussion started by: xramm
4 Replies

5. IP Networking

arp output (flags)

I'm running an arp -an on a Solaris 10 box. We're using IPMP. One of the systems is not able to see a host on the same network. The only difference between the two systems (one is having a problem, the other isn't) at least so far is the output of arp: # arp -an | grep 224.55 e1000g5... (1 Reply)
Discussion started by: BOFH
1 Replies

6. Red Hat

Arp Problem

Dear All i have a linux proxy server which has RHEL-5 64 bit, it has two interfaces, it has the following details eth0=10.200.14.42 eth3=10.201.14.42 default gateway=10.201.14.254 one static route=192.168.0.0/24 gw 10.200.14.254 i am facing a problem when i ping 10.201.14.42 from... (2 Replies)
Discussion started by: surfer24
2 Replies

7. IP Networking

Stuck ARP entries

About a week ago a customer hooked up a wireless router backwards to our network, causing it to serve incorrect DHCP addresses to some of them. Our networks are mostly statically assigned so this didn't cause as much damage as it might have, but now, over a week later, I still have incomplete... (1 Reply)
Discussion started by: Corona688
1 Replies

8. UNIX for Advanced & Expert Users

arp questions

Can someone please explain this output to me. Why doesn't ifconfig show the same info? ~ $ arp -a ? (10.71.0.1) at 00:1b:21:2b:eb:0c on eth0 (4 Replies)
Discussion started by: cokedude
4 Replies

9. IP Networking

Protection against arp spoofing

Hi, I'm trying to find a way to protect my network against arp spoofing. What it is: An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker. How to protect myself: In my opinion, the best possible... (2 Replies)
Discussion started by: chrisperry
2 Replies

10. IP Networking

necessary ARP request?

Hello, I have 2 clients with Unix installed. host1: eth0 (192.168.5.10) & eth1 (192.168.10.10) host2: eth0 (192.168.10.20) I've connected host1-eth1 to host2-eth0. host1-eth0 isn't connected. I started 'tcpdump' on wonder that host2 got ARP requests for 192.168.5.10. Any idea why host1... (2 Replies)
Discussion started by: daWonderer
2 Replies

LEARN ABOUT CENTOS

firewalld.zones

FIREWALLD.ZONES(5)						  firewalld.zones						FIREWALLD.ZONES(5)

NAME

       firewalld.zones - firewalld zones

DESCRIPTION

   What is a zone?
       A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only
       be part of one zone, but a zone can be used for many network connections.

       The zone defines the firewall features that are enabled in this zone:

       Predefined services
	   A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also a IPv4 and IPv6
	   destination address.

       Ports and protocols
	   Definition of tcp or udp ports, where ports can be a single port or a port range.

       ICMP blocks
	   Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply
	   to information requests or in error conditions.

       Masquerading
	   The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation.

       Forward ports
	   A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another
	   host.

       Rich language rules
	   The rich language extends the elements (service, port, icmp-block, masquerade and forward-port) with additional source and destination
	   addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more
	   information, please have a look at firewalld.richlanguage(5)).

       For more information on the zone file format, please have a look at firewalld.zone(5).

   Which zones are available?
       Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted:

       drop
	   Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.

       block
	   Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only
	   network connections initiated within this system are possible.

       public
	   For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       external
	   For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not
	   harm your computer. Only selected incoming connections are accepted.

       dmz
	   For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected
	   incoming connections are accepted.

       work
	   For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       home
	   For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       internal
	   For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming
	   connections are accepted.

       trusted
	   All network connections are accepted.

   Which zone should be used?
       A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted. Select
       the zone that best matches the network you are using.

   How to configure or add zones?
       To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the
       graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-BUS interface. Or you can create or copy a zone
       file in one of the configuration directories.  /usr/lib/firewalld/zones is used for default and fallback configurations and
       /etc/firewalld/zones is used for user created and customized configuration files.

   How to set or change a zone for a connection?
       The zone is stored into the ifcfg of the connection with ZONE=option. If the option is missing or empty, the default zone set in firewalld
       is used.

       If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 														FIREWALLD.ZONES(5)
All times are GMT -4. The time now is 11:32 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy