FUN WITH LINUX

Static arp-cache on dhcp-servers

13 February 2016

We can use static ARP entries on hosts or routers to reduce ARP traffic or to prevent ARP spoofing. Such entries are pairs of MAC addresses and IP addresses, and the very same pairs are needed for static DHCP entries on a DHCP server. Why not combine the two?

Static ARP

The arp utility allows us to set static ARP entries, either manually (-s option) or from a file (-f option). On many distributions /etc/ethers is read by default. The format of this file is simple: a hardware address and a hostname separated by whitespace. Wherever a hostname is expected, an IP address can be entered instead.

Let’s use the following entry:

/etc/ethers:

54:a0:50:eb:ed:d7 printer.tardis.home

We can use /etc/hosts for name resolution:

172.16.0.10 printer.tardis.home

Now we can load the static entry using:

arp -f

...and check that it was set correctly:

Address HWtype HWaddress Flags Mask Iface
printer.tardis.home ether 54:a0:50:eb:ed:d7 CM eth2

According to the manual page, “CM” means that the entry is complete (C) and permanent (M). /etc/ethers is not loaded automatically when the machine starts up; we have to take care of that ourselves. I therefore call “arp -f” once my network interface is up and running. The following lines will work on Debian-based machines:

auto eth2
iface eth2 inet static
address 172.16.0.1
network 172.16.0.0
netmask 255.255.255.0
broadcast 172.16.0.255
post-up arp -f
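Once the static entries are loaded it is worth checking, now and then, that the neighbour table still carries exactly the pairs from /etc/ethers. The following POSIX shell script is an added example and not part of the original post: it resolves the hostnames through a hosts file as described above and compares each pair with a saved copy of `ip -4 neigh` output (assumed to be the modern equivalent of the arp listing). The sample files, the second host nas.tardis.home and its addresses are constructed for the demo.

```sh
#!/bin/sh
# Added example, not code from the original post: verify that the neighbour
# table still carries the MAC/IP pairs declared in /etc/ethers. Hostnames are
# resolved through a hosts file, as in the post. Sample files are constructed
# inline, so this runs without root, a network, or the real /etc files.

# resolve_name HOSTS NAME: print the IPv4 address for NAME from HOSTS
# (a bare IP address is printed unchanged, as ethers(5) also allows one)
resolve_name() {
    hosts="$1"; name="$2"
    case "$name" in
        *[!0-9.]*) awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++)
                       if ($i == n) { print $1; exit } }' "$hosts" ;;
        *) printf '%s\n' "$name" ;;
    esac
}

# check_ethers ETHERS HOSTS NEIGH: compare every ETHERS pair with NEIGH, a
# saved copy of `ip -4 neigh` output. Returns the number of entries whose
# MAC differs from the static one (0 means nothing was overwritten).
check_ethers() {
    ethers="$1"; hosts="$2"; neigh="$3"; bad=0
    while read -r mac name; do
        case "$mac" in ''|'#'*) continue ;; esac      # skip blanks and comments
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        ip=$(resolve_name "$hosts" "$name")
        if [ -z "$ip" ]; then echo "UNRESOLVED $name"; bad=$((bad + 1)); continue; fi
        seen=$(awk -v ip="$ip" '$1 == ip { for (i = 1; i < NF; i++)
                   if ($i == "lladdr") print tolower($(i + 1)) }' "$neigh")
        if [ -z "$seen" ]; then echo "MISSING   $ip ($name) has no neighbour entry"
        elif [ "$seen" != "$mac" ]; then
            echo "MISMATCH  $ip ($name) expected $mac, table has $seen"; bad=$((bad + 1))
        else echo "OK        $ip ($name) $mac"; fi
    done < "$ethers"
    return "$bad"
}

# demo: the printer from the post plus a constructed second host whose table
# entry carries a different MAC, which is what an overwritten entry looks like.
demo() {
    d=$(mktemp -d)
    printf '54:a0:50:eb:ed:d7 printer.tardis.home\n00:11:22:33:44:55 nas.tardis.home\n' > "$d/ethers"
    printf '172.16.0.10 printer.tardis.home\n172.16.0.11 nas.tardis.home\n' > "$d/hosts"
    printf '172.16.0.10 dev eth2 lladdr 54:a0:50:eb:ed:d7 PERMANENT\n172.16.0.11 dev eth2 lladdr de:ad:be:ef:00:01 REACHABLE\n' > "$d/neigh"
    if check_ethers "$d/ethers" "$d/hosts" "$d/neigh"; then rc=0; else rc=$?; fi
    rm -rf "$d"
    return "$rc"
}

demo || echo "entries differing from /etc/ethers: $?"
```

On a real host, replace the constructed files with /etc/ethers, /etc/hosts and the output of `ip -4 neigh` saved to a file; a non-zero exit status is the signal worth alerting on.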

DHCP

Dnsmasq is a handy little DNS forwarder/DHCP server. It is very lightweight and simple to configure. It forwards DNS requests to the DNS servers defined in /etc/resolv.conf, but it can also look up entries in /etc/hosts, which lets us set some addresses manually (that is why I used /etc/hosts in the ARP configuration above). The cool thing about dnsmasq is that it can also read /etc/ethers for static dhcp-host entries. We just need to enable the following line in /etc/dnsmasq.conf:

# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
read-ethers

Summary

In this article I described how to manage static ARP entries and static DHCP hosts using only one file. Additionally we can use /etc/hosts for manual DNS entries if we want. On DHCP servers we need to configure these settings anyway, so why not use them to fill the ARP table too?

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti