Verify that IPv4 Proxy ARP is disabled if not otherwise required on your VMware appliance host machines to prevent unauthorized information sharing.

About this task

IPv4 Proxy ARP allows a system to send responses to ARP requests on one interface on behalf of hosts connected to another interface. Disable it if not needed to prevent leakage of addressing information between the attached network segments.

Procedure

  1. Run the # grep [01] /proc/sys/net/ipv4/conf/*/proxy_arp|egrep "default|all" command on the VMware virtual appliance host machines to verify that IPv4 Proxy ARP is disabled.

    If IPv4 Proxy ARP is disabled on the host machines, this command will return values of 0.

    /proc/sys/net/ipv4/conf/all/proxy_arp:0
    /proc/sys/net/ipv4/conf/default/proxy_arp:0

    If the host machines are configured correctly, no further action is necessary.

  2. If you need to configure IPv4 Proxy ARP on host machines, open the /etc/sysctl.conf file in a text editor.
  3. Check for the following entries.
    net.ipv4.conf.default.proxy_arp=0
    net.ipv4.conf.all.proxy_arp=0
    

    If the entries do not exist or if their values are not set to zero, add the entries or update the existing entries accordingly.

  4. Save any changes you made and close the file.
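
Steps 2 through 4 can also be checked with a script. The following is an added example, not part of the VMware procedure: it reads a sysctl.conf-style file and reports whether both entries are present and set to zero. The function names and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the two proxy_arp entries.
# Function names and message format are hypothetical, not from VMware.

# Print the effective (last) value of a key in a file, or nothing if unset.
# $1 = key, $2 = file
sysctl_conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }               # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                # not a key=value line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)             # tolerate "key = value" spacing
            gsub(/[ \t]/, "", v)
            if (k == key) val = v            # a later entry overrides an earlier one
        }
        END { if (val != "") print val }
    ' "$2"
}

# Return 0 only if both entries exist and are set to 0.
# $1 = file to audit (defaults to /etc/sysctl.conf)
check_proxy_arp_conf() {
    file="${1:-/etc/sysctl.conf}"
    rc=0
    for key in net.ipv4.conf.default.proxy_arp net.ipv4.conf.all.proxy_arp; do
        val=$(sysctl_conf_value "$key" "$file")
        if [ -z "$val" ]; then
            echo "MISSING: $key (add $key=0)"
            rc=1
        elif [ "$val" != "0" ]; then
            echo "NONZERO: $key=$val (set to 0)"
            rc=1
        else
            echo "OK: $key=0"
        fi
    done
    return $rc
}
```

Entries in /etc/sysctl.conf are applied at boot or when the file is reloaded with `sysctl -p`; rerun the command from step 1 afterwards to confirm the running values.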