IPv4 Proxy ARP allows a system to send responses to ARP requests on one interface on behalf of hosts connected to another interface. You must deactivate IPv4 Proxy ARP to prevent unauthorized information sharing. Deactivate the setting to prevent leakage of addressing information between the attached network segments.
Procedure
- Run the # grep [01] /proc/sys/net/ipv4/conf/*/proxy_arp|egrep "default|all" command to verify whether the Proxy ARP is deactivated.
- Configure the host system to deactivate IPv4 Proxy ARP.
- Open the /etc/sysctl.conf file in a text editor.
- If the values are not set to
0
, add the entries or update the existing entries accordingly. Set the value to0
.net.ipv4.conf.all.proxy_arp=0 net.ipv4.conf.default.proxy_arp=0
- Save any changes you made and close the file.
- Run
# sysctl -p
to apply the configuration.