I want to test a network with one linux-box which should get 100 different IP-Addresses, each with an own MAC which should be used as source MAC-address when communicating to other devices.
I've scripted this:
#!/bin/bash
for i in `seq 0 10 `; do
hex=`perl -e "printf ('%02X', $i)"`
echo tap$i / $hex
ip link add link eth0 address 00:00:13:37:00:$hex eth0-$i type macvlan
done
sleep 2
for i in `seq 0 10 `; do
echo eth0-$i ip
while ! ifconfig eth0-$i &>/dev/null; do
sleep 1
done
ii=`expr $i + 100`
ip addr add 10.254.251.$ii/24 dev eth0-$i
ifconfig eth0-$i up
done
then i get my devices with own IP and own MAC-Address.
But when from outside anyone ARPs for one of my IP-Addresses the linux hosts answers multiple times through eth0 with all my virtual addresses, the other device then inserts the last one in its ARP-Table.
23:43:22.764080 00:24:43:8f:e5:39 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.254.251.100 tell 10.254.251.1, length 46
23:43:22.764340 b8:27:eb:b3:e1:36 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at b8:27:eb:b3:e1:36, length 28
23:43:22.764442 00:00:13:37:00:00 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:00, length 28
23:43:22.764642 00:00:13:37:00:01 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:01, length 28
23:43:22.764733 00:00:13:37:00:02 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:02, length 28
23:43:22.764929 00:00:13:37:00:03 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:03, length 28
23:43:22.765071 00:00:13:37:00:04 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:04, length 28
23:43:22.765208 00:00:13:37:00:05 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:05, length 28
23:43:22.765342 00:00:13:37:00:06 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:06, length 28
23:43:22.765476 00:00:13:37:00:07 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:07, length 28
23:43:22.765560 00:00:13:37:00:08 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:08, length 28
23:43:22.765713 00:00:13:37:00:09 > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:09, length 28
23:43:22.765845 00:00:13:37:00:0a > 00:24:43:8f:e5:39, ethertype ARP (0x0806), length 42: Reply 10.254.251.100 is-at 00:00:13:37:00:0a, length 28
23:43:22.767375 00:24:43:8f:e5:39 > b8:27:eb:b3:e1:36, ethertype IPv4 (0x0800), length 98: 10.254.251.1 > 10.254.251.100: ICMP echo request, id 2984, seq 0, length 64
23:43:22.767561 b8:27:eb:b3:e1:36 > 00:24:43:8f:e5:39, ethertype IPv4 (0x0800), length 98: 10.254.251.100 > 10.254.251.1: ICMP echo reply, id 2984, seq 0, length 64
Has anyone an idea for me how to setup? iIs macvlan the wrong way?
Using a linux brige i can do a similar setup, but the host replies for all IPs with the physical MAC of the outgoing interface.
Best Answer
Have a look at arp_filter and arp_ignore.
/proc/sys/net/ipv4/conf/*/arp_filter,/proc/sys/net/ipv4/conf/*/arp_ignore