On Tue, 5 Jun 2001, Snyder, Ryan wrote:
> I am running CheckPoint Firewall under Linux 2.2.19. The Firewall is
> working fine, but the interface that is connected to the Internet via a
> Cisco router has over 950 entries in the arp cache. I understand this is
> normal, but since there is only one route to the Internet, is there a way
> to not have Linux do an arp cache lookup, or even a setting to make the
> cache size much bigger?

The arp entries should definitely not be on the Cisco interface, if
everything is set up right.
If you understand the consequences, add 'no ip proxy-arp' on Cisco
interface configuration. If proxy arp is required, your network is
probably designed badly. Sometimes it is really needed though.
--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
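
When a router answers ARP requests on behalf of remote hosts (proxy ARP), the Linux ARP cache shows many different IP addresses all resolved to the router's one MAC address. The following check is an added example, not part of the original message; the function names, interface names, threshold and sample table are constructed for illustration, and the input is assumed to be in `/proc/net/arp` format.

```shell
#!/bin/sh
# Report MAC addresses that answer for many IP addresses on one interface.
# Reads a table in /proc/net/arp format on stdin.
# usage: proxy_arp_suspects DEVICE THRESHOLD < /proc/net/arp
proxy_arp_suspects() {
    awk -v dev="$1" -v min="$2" '
        NR == 1 { next }                      # skip the header line
        $6 != dev { next }                    # only the requested interface
        $4 == "00:00:00:00:00:00" { next }    # skip incomplete entries
        { count[$4]++ }                       # one more IP behind this MAC
        END {
            for (mac in count)
                if (count[mac] >= min)
                    printf "%s %d\n", mac, count[mac]
        }
    ' | sort
}

# Constructed sample table (documentation addresses, not real hosts):
# three remote IPs resolve to the same MAC on eth1, one entry is incomplete,
# and eth0 has a single ordinary neighbour.
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth1
198.51.100.7     0x1         0x2         00:00:5e:00:53:01     *        eth1
203.0.113.9      0x1         0x2         00:00:5e:00:53:01     *        eth1
203.0.113.40     0x1         0x0         00:00:00:00:00:00     *        eth1
10.0.0.5         0x1         0x2         00:00:5e:00:53:aa     *        eth0
EOF
}

# Run against the sample; on a live host use: proxy_arp_suspects eth1 50 < /proc/net/arp
sample_arp_table | proxy_arp_suspects eth1 3
```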