- How to enable or disable Proxy ARP on Linux
- How to Use arp Command on Linux
- Installing arp on Linux
- Using the arp Command
- Vital Flags and Options for the arp Command
- Using the arp Commands on Linux with Examples
- Display Entries for a Specific Interface
- Display Entries for a Specific Address
- Find Detailed info About the Device and its Entries
- Adding a Brand New Entry
- Removing an Entry
- How to add or remove a static ARP entry on Linux
- Add a Static ARP Entry to Local ARP Table
- Delete a Static ARP Entry from Local ARP Table
- Add Static ARP Entries Permanently on Linux
How to enable or disable Proxy ARP on Linux
Let’s look at the status of Proxy ARP (1 – enabled, 0 – disabled):
cat /proc/sys/net/ipv4/conf/all/proxy_arp
You can look at a specific network interface (where eth0 is the name of the network interface):
cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
You can enable Proxy ARP as follows:
sudo -i
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Or with sysctl:
sudo sysctl net.ipv4.conf.all.proxy_arp=1
sudo sysctl net.ipv4.conf.eth0.proxy_arp=1
sudo sysctl -p
To turn Proxy ARP off, the commands are the same; you only need to specify 0 instead of 1.
The above changes are reset when the system restarts. To make them persistent, open the file /etc/sysctl.conf in any text editor and add:
net.ipv4.conf.all.proxy_arp=1
net.ipv4.conf.eth0.proxy_arp=1
If necessary, you can see the incoming ARP packets via tcpdump:
sudo tcpdump -n -i eth0 -e arp
There are also other arp settings. Here is an example of how to view them:
sysctl -a | grep 'net.ipv4.conf.*.arp'
If port isolation is configured on the switches and you need clients in the same VLAN to see each other (in this case, all traffic will go through the server), enable proxy_arp_pvlan. It is disabled by default, that is, equal to 0. Note that on a server running accel-ppp with proxy-arp enabled, for example, you do not need to enable proxy_arp and proxy_arp_pvlan, since accel-ppp does it itself.
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
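The following script is an added example, not part of the original article. It reports, per interface, whether Proxy ARP is effectively on (the kernel enables it when either conf/all/proxy_arp or the interface's own proxy_arp is 1) and whether the runtime value is also saved in /etc/sysctl.conf. The function name proxy_arp_report and the demo tree are constructed, and only the single sysctl.conf file named above is read.

```shell
#!/bin/sh
# Added example: report where Proxy ARP is effectively on and whether the
# runtime value is also saved in sysctl.conf. Paths default to the live system.

# proxy_arp_report [CONF_DIR] [SYSCTL_CONF]
# Prints "IFACE runtime=N effective=on|off sysctl.conf=N|unset" per interface.
proxy_arp_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    persist=${2:-/etc/sysctl.conf}
    all=$(cat "$conf/all/proxy_arp" 2>/dev/null || echo 0)
    for dir in "$conf"/*; do
        [ -f "$dir/proxy_arp" ] || continue
        ifc=${dir##*/}
        case $ifc in all|default) continue ;; esac
        own=$(cat "$dir/proxy_arp")
        # The kernel ORs the per-interface value with conf/all/proxy_arp.
        if [ "$own" = 1 ] || [ "$all" = 1 ]; then eff=on; else eff=off; fi
        # Last uncommented assignment of this key in the persistent file.
        saved=$(awk -F= -v k="net.ipv4.conf.$ifc.proxy_arp" '
            { gsub(/[ \t]/, "") }
            $1 == k { v = $2 }
            END { if (v == "") v = "unset"; print v }' "$persist" 2>/dev/null) || saved=unset
        echo "$ifc runtime=$own effective=$eff sysctl.conf=$saved"
    done
}

# Constructed demo tree: "all" is 1, so eth1 answers as a proxy although its
# own value is 0, and nothing for eth1 would survive a reboot.
demo=$(mktemp -d)
for i in all default eth0 eth1; do
    mkdir -p "$demo/conf/$i"
    echo 0 > "$demo/conf/$i/proxy_arp"
done
echo 1 > "$demo/conf/all/proxy_arp"
echo 1 > "$demo/conf/eth0/proxy_arp"
printf '%s\n' 'net.ipv4.conf.all.proxy_arp=1' \
    'net.ipv4.conf.eth0.proxy_arp = 1' > "$demo/sysctl.conf"
proxy_arp_report "$demo/conf" "$demo/sysctl.conf"
rm -rf "$demo"
```

Called without arguments, proxy_arp_report reads /proc/sys/net/ipv4/conf and /etc/sysctl.conf on the running host.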
How to Use arp Command on Linux
ARP (or arp) stands for Address Resolution Protocol. It is a protocol that maps an internet protocol (IP) address to a fixed physical machine address, such as the MAC address on a LAN. Read on to learn how you can use the arp command on Linux.
When a new computer joins a local area network, it receives a unique IP address used for identification and communication in that network. This IP is stored in the arp cache, which is later used to find the MAC address of a device. Linux systems generally have an arp command that can display or manipulate the arp cache.
Installing arp on Linux
The arp command is part of the net-tools package on Linux. As already mentioned, it manipulates the system's ARP cache. It can also produce a complete dump of the ARP cache.
Run the following command to install the arp package:
$ sudo apt-get install net-tools
The arp command is available by default on many Linux distributions. If your system doesn't have it, install it using the above command.
Once arp is available, you can use it through the command-line interface to perform several actions.
Using the arp Command
Before you learn how to use the arp command on Linux, it is crucial to know the basic syntax. Speaking of syntax, it looks something like this:
$ arp [-v] [-i if] [-H type] -a [host_name]
Remember, you can always use the arp command without any other options. What it will do is list the current contents of the ARP cache.
The output has the following columns: Address, HWtype, HWaddress, Flags, Mask, and Iface.
- In our system, the corresponding address is _gateway. However, you may find IPv4 addresses listed, for example 192.168.9.10.
- The HWtype is specified as ether, which stands for Ethernet, and the HWaddress is the MAC address, that is, the physical address.
- The Flags column indicates whether the address has been learned, manually set by the user, published, or is incomplete.
- The Iface column is simply the name of the interface.
Vital Flags and Options for the arp Command
Here is how the list of flags or options with the arp command transpires:
- -v or --verbose: Display the information in detail, i.e. verbosely.
- -n or --numeric: Show numerical addresses.
- -H type or --hw-type type: When setting or reading the ARP cache, this optional parameter tells arp which class of entries to check. The default value is ether, but it can also be ARCnet, PROnet, AX.25 or NETROM.
- -a or --all: Usually used to display the entries of the given host. If no hostname parameter is given, all entries are displayed.
- -d or --delete: Remove the entry for the specified host. This command may require sudo privileges.
- -D or --use-device: The given argument is taken as the name of an interface instead of a hardware address; used when setting proxy ARP entries.
- -e: Display the entries in the default style.
- -s or --set: Manually create an ARP address mapping entry for a given host name. The physical address is set to hw_address. For Ethernet, this is 6 bytes in hexadecimal, separated by colons. Example: 00:0c:29:c0:94:bf
When adding proxy arp entries for the given host, a netmask can be specified to proxy arp for the whole subnet. This is usually not a good practice. If the temp option is not supplied, the entries will be permanently stored in the ARP cache.
- -f or --file: Similar to the -s option, but the address info is taken from the given file. The data file is often /etc/ethers, but this is not always the case. If no file name is specified, /etc/ethers is used by default.
The format of the file is simple: it contains only ASCII text lines, each with a hostname and a hardware address separated by whitespace.
Using the arp Commands on Linux with Examples
Now that you know how to install arp on Linux, it is time to uncover the usage parameters. To help you understand everything seamlessly, we’ve crafted the most digestible guide. Walk through, and you’ll learn how to use the arp command on Linux.
Display Entries for a Specific Interface
This command is used to see all the arp entries for a particular interface.
Display Entries for a Specific Address
This command is used to see all the arp entries corresponding to a particular address.
? (192.168.1.20) at 95:fg:ac:ed:e4:e3 [ether] on enp0s3
Find Detailed info About the Device and its Entries
Here we use the -v flag or option to get detailed information about the device and its respective entries.
Adding a Brand New Entry
This command adds an entry (permanently) to the cache. It uses the -s option with IP address, MAC address, and interface.
Removing an Entry
To remove entries from the arp cache, you can use the -d flag. It requires additional parameters like IP address. You’ll require sudo privileges to use this command.
With that, we’re done talking about the arp command on Linux and how to use it. In case you’ve dedicated your time to reading this piece, you already know all the crucial information. Let us know if you need help with anything.
Husain is a staff writer at Distroid and has been writing on all things Linux and cybersecurity for over 10 years. He previously worked as a technical writer for wikiHow. In his spare time, he loves taking tech apart and seeing what makes it tick, without necessarily putting it all back together.
How to add or remove a static ARP entry on Linux
ARP (short for "Address Resolution Protocol") is a network protocol used to map an IP network address to a corresponding hardware MAC address. When host X wants to communicate with host Y, X first broadcasts an ARP request on its local network to obtain Y's MAC address. Once X receives an ARP reply containing Y's MAC address, X uses the information to construct Ethernet frames destined for Y.
The IP/MAC address mapping information so obtained is cached in the local ARP table, so that the ARP query process can be omitted subsequently.
Problems can arise when, for whatever reason, host X does not receive ARP replies for a destination host Y with which it wishes to communicate. In other cases, ARP replies come in, but contain a MAC address associated with an incorrect host Z. Such corrupted ARP replies will result in traffic hijacking, where traffic that should have been sent to Y ends up arriving at host Z.
When dealing with these kinds of ARP-induced abnormal situations, it's useful to be able to add static ARP entries manually to the locally cached ARP table. When the MAC address of a destination host Y is found in the local ARP table, there is no need to send out ARP requests.
Add a Static ARP Entry to Local ARP Table
$ sudo arp -s 10.0.0.2 00:0c:29:c0:94:bf
The above command tells the local ARP table that the host with IP address 10.0.0.2 has MAC address 00:0c:29:c0:94:bf. Once you have configured a static ARP entry, you can verify it:
? (192.168.10.47) at e0:db:55:ce:13:f1 [ether] on eth0
? (192.168.10.1) at 00:e0:b1:cb:07:30 [ether] on eth0
? (10.0.0.2) at 00:0c:29:c0:94:bf [ether] PERM on eth1
As you can see above, the statically configured ARP entry correctly shows up, marked as PERM in the ARP table.
Delete a Static ARP Entry from Local ARP Table
$ arp -a -n
? (135.112.29.47) at e0:db:55:ce:13:f1 [ether] on eth0
? (135.112.29.1) at 00:e0:b1:cb:07:30 [ether] on eth0
? (10.0.0.2) at on eth1
Add Static ARP Entries Permanently on Linux
Note that any ARP entry added with the arp command at run time, as above, does not persist across reboots. To add a static ARP entry permanently, you can load ARP entries from an external file automatically when a network interface comes up. For that, first create a file that contains the static ARP entries.
00:0c:29:c0:94:bf 10.0.0.2
00:0c:59:44:f0:a0 10.0.0.5
. . . .
The arp command allows you to load any external file using the -f option.
Now you need to set the above command to be run automatically when a given network interface (e.g., eth0 ) is up. There are distribution-specific ways to run a startup command for network interfaces. Following are distribution-specific examples.
Here I assume that you are not using Network Manager on your Linux system. So if you are using Network Manager, you will have to disable it first.
On Ubuntu, Debian or Mint, add the following entry in /etc/network/interfaces :
iface wlan0 inet dhcp
. . .
post-up arp -f /etc/ethers
On CentOS, RHEL or Fedora, create the following executable script, as described in this tutorial:
#!/bin/sh
# Load the static ARP entries when eth0 comes up; do nothing for other interfaces
if [ "$1" = "eth0" ]; then
    arp -f /etc/ethers
fi
Make the script executable:
$ sudo chmod +x /sbin/ifup-local
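Once static entries are loaded from a file, it is worth checking that the ARP table still agrees with that file. The script below is an added example, not part of the original article: it compares saved `arp -a -n` output with an /etc/ethers-style file and reports pinned IP addresses that resolve to a different MAC address (the host Z case described earlier), are unresolved, or are present without the PERM flag. The function name check_arp, the finding labels and the sample data are constructed.

```shell
#!/bin/sh
# Added example: check an `arp -a -n` dump against pinned MAC/IP pairs.
# The function name, finding labels and sample data are constructed.

# check_arp ETHERS_FILE ARP_DUMP
# Prints one finding per line; returns 1 if any pinned IP is not resolved
# to its expected MAC by a static (PERM) entry.
check_arp() {
    awk '
        FILENAME == ARGV[1] {                       # pass 1: pinned entries
            if (NF < 2 || $1 ~ /^#/) next           # blank lines and comments
            if ($1 ~ /:/)      want[$2] = tolower($1)   # "MAC IP", as shown above
            else if ($2 ~ /:/) want[$1] = tolower($2)   # "IP MAC" is accepted too
            next
        }
        $3 == "at" {                                # pass 2: "? (IP) at MAC ... on IF"
            ip = $2; gsub(/[()]/, "", ip)
            if (!(ip in want)) next                 # only pinned hosts are checked
            seen[ip] = 1
            mac = tolower($4)
            if (length(mac) != 17 || mac !~ /^[0-9a-f:]+$/) {
                print "INCOMPLETE " ip; bad = 1     # no MAC resolved for this IP
            } else if (mac != want[ip]) {
                print "MISMATCH " ip " expected " want[ip] " got " mac; bad = 1
            } else if ($0 !~ / PERM /) {
                print "NOT_STATIC " ip; bad = 1     # right MAC, learned dynamically
            }
        }
        END {
            for (ip in want) if (!(ip in seen)) { print "MISSING " ip; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: 10.0.0.2 is pinned correctly, 10.0.0.5 answers with
# a MAC address other than the one in the file.
tmp=$(mktemp -d)
printf '%s\n' '00:0c:29:c0:94:bf 10.0.0.2' \
    '00:0c:59:44:f0:a0 10.0.0.5' > "$tmp/ethers"
printf '%s\n' \
    '? (192.168.10.1) at 00:e0:b1:cb:07:30 [ether] on eth0' \
    '? (10.0.0.2) at 00:0c:29:c0:94:bf [ether] PERM on eth1' \
    '? (10.0.0.5) at 00:0c:29:aa:bb:cc [ether] on eth1' > "$tmp/arp.txt"
check_arp "$tmp/ethers" "$tmp/arp.txt" || echo "pinned entries need attention"
rm -rf "$tmp"
```

On a live host, save the output of `arp -a -n` to a file and pass it as the second argument, with /etc/ethers as the first.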
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.