Howdy,
I have a bridging firewall hung off of a cable modem network with 5 PCs
behind it. I'd like to cut down on the amount of broadcast ARP traffic that
I'm seeing:
# time /usr/sbin/tcpdump -n -b arp -c 100
real 0m7.831s
That's a wee bit excessive ;-)
I've bumped my brconfig maxaddr up to near-absurd levels, but I still see this
ARP traffic coming through. None of it is for my machines or for my gateway,
and I'd be fine with blocking all ARP traffic that isn't for me. I could live
with not having a decent ARP cache internally (I'd static my gateway's MAC).
It seems to me that as long as I have this nice bridge learning all these
addresses that it ought to be able to determine "ARP request on outside
segment, I already know the answer will come on the outside segment, why
bother passing it inwards?".
(Once again, I know that I'll lose ARP caching efficiency on the inside. For
the two times a month that I need to access another host on the provider's
network, I'd take the efficiency hit over having this flood through my internal
LAN any day).
Any information on how to do this appreciated,
- Tillman
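As an added illustration (not part of Tillman's post, and not a brconfig feature), the following Python script models the rule the post reasons about: an ARP request received on the outside segment is only worth forwarding inward when it asks for one of the addresses that actually live behind the bridge. The capture lines, addresses and the assumed inside-host list are constructed for the example.

```python
"""Classify ARP requests seen on the outside segment of a learning bridge.

Added example, not code from the original post. It applies the rule the
poster describes: a broadcast ARP request arriving on the outside interface
is forwarded inward only if its target is a host behind the bridge; anything
else will be answered on the outside segment anyway, so it is dropped.
"""
import re
from collections import Counter

# tcpdump prints an ARP request as "arp who-has <target> tell <sender>"
ARP_REQUEST = re.compile(r"arp who-has (\S+) tell (\S+)")


def parse_arp_requests(lines):
    """Yield (target_ip, sender_ip) for each ARP request line; skip replies."""
    for line in lines:
        m = ARP_REQUEST.search(line)
        if m:
            yield m.group(1), m.group(2)


def classify_outside_request(target_ip, inside_ips):
    """Decide what the bridge does with a request received on the outside port."""
    if target_ip in inside_ips:
        return "forward"   # a provider-side host wants one of our machines
    return "drop"          # the answer will come from the outside segment


def summarize(lines, inside_ips):
    """Count how many outside-segment requests would be forwarded vs. dropped."""
    counts = Counter()
    for target_ip, _sender_ip in parse_arp_requests(lines):
        counts[classify_outside_request(target_ip, inside_ips)] += 1
    return counts


# Constructed sample: frames received on the outside interface, in the shape
# `tcpdump -n arp` prints them (all addresses are made up for this example).
SAMPLE_CAPTURE = """\
12:00:01.000001 arp who-has 10.20.0.17 tell 10.20.0.1
12:00:01.000204 arp who-has 10.20.0.45 tell 10.20.0.1
12:00:01.000512 arp who-has 10.20.0.5 tell 10.20.0.99
12:00:01.000913 arp reply 10.20.0.5 is-at 00:00:5e:00:53:01
12:00:01.001100 arp who-has 10.20.0.7 tell 10.20.0.1
12:00:01.001377 arp who-has 10.20.0.200 tell 10.20.0.1
""".splitlines()

# Assumed for the example: the five PCs behind the bridge are 10.20.0.5-9.
INSIDE_IPS = {f"10.20.0.{n}" for n in range(5, 10)}

if __name__ == "__main__":
    print(summarize(SAMPLE_CAPTURE, INSIDE_IPS))  # prints Counter({'drop': 3, 'forward': 2})
```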