IPv4 Proxy ARP allows a system to send responses to ARP requests on one interface on behalf of hosts connected to another interface. You must disable IPv4 Proxy ARP to prevent unauthorized information sharing. Disable the setting to prevent leakage of addressing information between the attached network segments.
Procedure
- Run the # grep [01] /proc/sys/net/ipv4/conf/*/proxy_arp|egrep "default|all" command to verify whether the Proxy ARP is disabled.
- Configure the host system to disable IPv4 Proxy ARP.
- Open the /etc/sysctl.conf file in a text editor.
- If the values are not set to
0
, add the entries or update the existing entries accordingly. Set the value to0
.net.ipv4.conf.all.proxy_arp=0 net.ipv4.conf.default.proxy_arp=0
- Save any changes you made and close the file.
- Run
# sysctl -p
to apply the configuration.