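On a Linux system with two network interfaces, when the two interfaces (on different subnets) are connected to the same switch, an ARP request from eth0 is received and answered on eth1, so the host in effect detects its own IP.
At the kernel level, by default, ARP is shared across all interfaces on a multi-NIC host.
This can be solved by configuring arp_ignore.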
arp_ignore - INTEGER
    Define different modes for sending replies in response to
    received ARP requests that resolve local target IP addresses:
    0 - (default): reply for any local target IP address, configured
        on any interface
    1 - reply only if the target IP address is local address
        configured on the incoming interface
    2 - reply only if the target IP address is local address
        configured on the incoming interface and both with the
        sender's IP address are part from same subnet on this interface
    3 - do not reply for local addresses configured with scope host,
        only resolutions for global and link addresses are replied
    4-7 - reserved
    8 - do not reply for all local addresses

    The max value from conf/{all,interface}/arp_ignore is used
    when ARP request is received on the {interface}
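The commonly used values of the arp_ignore parameter are 0, 1 and 2; 3~8 are rarely used. They are explained as follows:
    0 - Reply to ARP requests for a local IP address received on any interface (including addresses on the loopback interface), regardless of whether the target IP is on the receiving interface.
    1 - Reply only to ARP requests whose target IP address is a local address on the receiving interface.
    2 - Reply only to ARP requests whose target IP address is a local address on the receiving interface, and the source IP of the ARP request must be in the same subnet as the receiving interface.
    3 - If the local address matching the IP address requested in the ARP request has scope host, do not send an ARP reply; if its scope is global or link, send an ARP reply.
    4~7 - Reserved, unused.
    8 - Do not reply to ARP requests for any local address.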
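arp_ignore can be set in any of the following ways:

1. Write the value directly to /proc:
   echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
2. Use the sysctl -w command:
   sysctl -w net.ipv4.conf.all.arp_ignore=1
3. Edit sysctl.conf, set net.ipv4.conf.all.arp_ignore=1, and then run sysctl -p to apply the configuration.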
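
The kernel documentation quoted above says the value applied on an interface is the larger of conf/all/arp_ignore and conf/{interface}/arp_ignore. The shell functions below are an added example, not part of the original post, that report this effective value per interface so the setting can be verified after it is changed; the function names and the CONF_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective arp_ignore value per interface.
# The kernel applies max(conf/all/arp_ignore, conf/<iface>/arp_ignore).

# CONF_ROOT can be pointed at a constructed directory tree for testing;
# this override is an assumption of the example, not a kernel feature.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_arp_ignore IFACE: print the value the kernel will apply.
effective_arp_ignore() {
    iface="$1"
    all_file="$CONF_ROOT/all/arp_ignore"
    if_file="$CONF_ROOT/$iface/arp_ignore"
    [ -r "$all_file" ] && [ -r "$if_file" ] || return 1
    all_val=$(cat "$all_file")
    if_val=$(cat "$if_file")
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# audit_arp_ignore: print one line per interface. Returns 1 if any
# interface has effective value 0, i.e. it still answers ARP requests
# for addresses configured on other interfaces.
audit_arp_ignore() {
    rc=0
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, and lo does no ARP.
        case "$iface" in all|default|lo) continue ;; esac
        val=$(effective_arp_ignore "$iface") || continue
        if [ "$val" -eq 0 ]; then
            echo "$iface effective=0 WEAK"
            rc=1
        else
            echo "$iface effective=$val ok"
        fi
    done
    return $rc
}

# Run against the live system when executed directly.
audit_arp_ignore || echo "at least one interface has effective arp_ignore=0" >&2
```

Because the maximum is used, setting conf/all/arp_ignore to 1 raises every interface to at least 1, while a per-interface value can only make one interface stricter than conf/all, never looser.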
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
https://www.jianshu.com/p/734640384fda
https://blog.csdn.net/bandaoyu/article/details/126669168