(Ubuntu) Static arp configuration help, please

Discussion in 'all things UNIX' started by bgtvfr, Jun 15, 2009.

Thread Status:
Not open for further replies.
  1. bgtvfr

    bgtvfr Registered Member

    Jun 15, 2009
    Proper way, below, to achieve static arp in Ubuntu?

    # You can just add
    # Code:
    # arp -i eth0 -s IP MACOFROUTER
    # to /etc/rc.local, right before the "exit 0" line.

    This is proper method? This makes arp static? If so, in this environment is it possible for arp to be manipulated or would the above stop arp attacks and use the defined entry in rc.local?

    Or have I the need to additionally modify /etc/sysctl.conf with net.ipv4.conf arp_filter entries which are not included in sysctrl by default?

    Someone also suggesting:

    #That will fix the problem for you. Just add those to /etc/sysctl.conf and #run 'sysctl -p' (or run each line as the argument to 'sysctl -w'.
    #This will cause Linux to only respond to ARP requests on the interface that #an IP address is actually assigned to.

    Or I need to install arptables and or ebtables?

    Or is there exist more to contain and constrain arp to one router without rogue arp attacks attempting to modify my Linux system's arp?
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    May 9, 2005
    There is no need for you to tamper with arp. If you have no rogue machines within your home lan, which is true for 99.99999999999% of cases, you're perfectly ok. If you have rogues in your network, like rogue dhcp and such, and you have control over the network, simply disconnect them ... If it's not your network, let the admin take care of it.
Thread Status:
Not open for further replies.