Unix & Linux: How can I disable TCP/IP for an Ethernet adapter?
[+8] [2] Deep Thought
[2012-11-19 10:39:53]
[ centos ip ethernet ppp ]
[ https://unix.stackexchange.com/questions/56092/how-can-i-disable-tcp-ip-for-an-ethernet-adapter ]

I have CentOS 6.3 running in a (virtual) machine with two Ethernet adapters. I have eth0 connected to a TCP/IP LAN and eth1 connected to a DSL modem. The system is intended as a dedicated router/firewall, and has iptables set up to do SNAT, DNAT, and the desired filtering.

This was working great but I changed DSL modems and unfortunately the new (faster) one is idiotproofed and so automatically does NAT and will not allow me to pass my public IP along to eth1. I can't tolerate double NAT so I did some research and read that this modem can be 'tricked' into giving my computer a public IP by doing the PPPoE on the computer.

I therefore set up pppd to use eth1, creating the ppp0 connection which I then substitute for eth1 in my custom iptables config script. This seems to work to a degree but I had to open up the firewall to get it to work, and it's flaky.

Partly to help in troubleshooting, I want to totally rule out the possibility of any TCP/IP traffic being directly routed to eth1 where my 'friendly' modem will happily NAT it.

To the best of my knowledge, PPPoE sits below, not above IP - on the physical interface it deals directly in Ethernet frames. Therefore I should not even have to have IP networking configured on eth1 at all in order for pppd to work, and IP networking running on eth1 therefore is just complicating matters needlessly.

Here's where I discover, silly me, I don't know how to disable the TCP/IP stack on Linux! I know on a Windows box you can just uncheck the TCP/IP protocol in the adapter properties, but here I am running a text-only CentOS and I have no idea how to do it.

Apparently it's not a very common desire, because I've been searching the Internet to no avail. It seems like a hard-wired assumption that an Ethernet adapter is a TCP/IP connection. Well, usually...

Thanks for any help! Kevin

[+7] [2012-11-19 10:55:55] Stéphane Chazelas [ACCEPTED]

Just remove the IPv4 and IPv6 addresses with ip addr flush dev eth1 and ip -6 addr flush dev eth1.


Thank you for the answer - this did work (and exposed other issues in my config). However, it seems to me like a design flaw in Linux that there isn't any explicit control of which Layer 3 protocols are bound to a given network interface. - Deep Thought
What do you mean? The IP address is the hook of the interface in the IP stack. To tell the IP stack (talking of TCP in that context doesn't make sense), just don't give it an IP address, it's as simple as that and the same in every OS including MS Windows. - Stéphane Chazelas
From an engineering perspective, there's a difference between telling the protocol itself that it doesn't have an address, and telling the operating system that the protocol is not to be bound to the given network adapter. Same effect perhaps but the latter is more secure, clear, and uniform. In Windows, there's a checklist in the adapter's properties that determines which protocols are bound to the adapter; in fact, this is the only way to unbind IP, as simply trying to remove the IP address will get an error stating The adapter requires at least one IP address. Please enter one. - Deep Thought
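
A check for the flush in the accepted answer, as an added example that is not part of the original posts: it parses `ip -o addr show` output and reports any IPv4 or IPv6 address still bound to an interface. The sample output, its addresses, and the helper names `l3_addrs`, `l3_free` and `report` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): confirm that an interface
# has no IPv4/IPv6 address left after the flush, while ppp0 keeps its own.

# l3_addrs IFACE: read `ip -o addr show` output on stdin and print
# "family address" for each inet/inet6 address bound to IFACE.
l3_addrs() {
    awk -v dev="$1" '$2 == dev && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# l3_free IFACE: succeed only if stdin lists no address for IFACE.
l3_free() {
    [ -z "$(l3_addrs "$1")" ]
}

# Constructed sample output before the flush (addresses are made up).
SAMPLE_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1
3: eth1    inet6 fe80::a00:27ff:fe12:3456/64 scope link
4: ppp0    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'

# Constructed sample output after flushing eth1: only its lines are gone.
SAMPLE_AFTER='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
4: ppp0    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'

# report LABEL IFACE: summarise the sample read from stdin.
report() {
    if l3_free "$2"; then
        echo "$1: $2 has no IP addresses"
    else
        echo "$1: $2 still has IP addresses"
    fi
}

printf '%s\n' "$SAMPLE_BEFORE" | report before eth1
printf '%s\n' "$SAMPLE_AFTER" | report after eth1
```

On the router itself, pipe the live output instead: `ip -o addr show | l3_addrs eth1` should print nothing once both flush commands have run. Rerun it after the link or pppd restarts, since the kernel can re-add an IPv6 link-local address when the interface comes up.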
[0] [2012-11-19 12:42:03] mmoya

You can't disable TCP/IP but you can disable the interface: just run an ip link set eth1 down in the console.

Leave /etc/sysconfig/network-scripts/ifcfg-eth1 with only ONBOOT=no inside to make the change persistent.

Also check How to disable a NIC in CentOS? [1]

PS: As gertvdijk [2] noted, this will also disable the ability to run pppd through eth1.

[1] https://serverfault.com/questions/184489/how-to-disable-a-nic-in-centos
[2] https://unix.stackexchange.com/users/23363/gertvdijk

(1) Disabling a NIC will also stop Layer 2 frames from passing, which are needed for PPPoE. - gertvdijk
@gertvdijk right, answer edited. - mmoya