[lug] ARP problems with Linux...

John Hernandez John.Hernandez at noaa.gov
Thu Feb 22 11:42:23 MST 2001 

That's odd.  What's your kernel version?  Show us your 'arp' output.  If kernel is >= 2.2 make sure that 'cat /proc/sys/net/ipv4/conf/*/proxy_arp' outputs all zeros.  If kernel < 2.2 make sure that you don't have a proxy arp entry for the entire net.

Under normal circumstances, it seems to me that only the interface bound to the IP address in question would respond.  It really sounds like proxy arp is happening -- the fact that the second (proxy) response is delayed makes sense based on the proxy_delay variable (defaults to 0.8 seconds).  see ARP(7).

"Michael J. Pedersen" wrote:
> 
> On Thu, Feb 22, 2001 at 09:10:52AM -0700, celttechie (Brian Jarrett) wrote:
> > I have a firewall that has both interfaces on the same physical network.  When a windows machine sends an ARP request for the internal interface, the Linux machine responds with ARP replies from BOTH interfaces.  The reply from the external interface comes second, which is the last update to the workstation's ARP and happens to be incorrect.  The workstation uses this information to try and hit the internal interface but the packets go to the wrong NIC and get dropped.
> 
> That sounds suspiciously like what I was having happen, though I didn't dig
> around with a sniffer at all. I just split the two logical networks into two
> physical networks. Lo and behold, my windows machine stopped crashing on me
> every 15 minutes. I'm happier now, though I've still ditched Windows entirely
> as far as any networking goes. I keep a partition loaded for some games, but
> even those don't see much action any more.
> 
> > Now I know that my problem would be solved if I didn't have both of my interfaces on the same physical network, but the question remains:  "Why is my Linux box sending ARP replies from both interfaces?"
> 
> Personal guess (and likely to be wrong): The arp request is to say who has a
> given address, and going to both nics. Linux sees that it has the address, and
> responds on both nics. Hence, Windows sees two replies to one request, and (if
> your setup is like mine), gives bad screen around then.
> 
> > One other note:  This didn't seem to start happening until I loaded SSH 2 on the Linux firewall.  Was some code added during that install that has an ARP bug in it?
> 
> Not that I know of. As far as I know, ssh is up on tcp, much higher than an
> arp request would go.
> 
> --
> Michael J. Pedersen
> My GnuPG KeyID: 4E724A60        My Public Key Available At: wwwkeys.pgp.net
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> GnuPG available at http://www.gnupg.org
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list