Bad ARP from dual-NIC Linux
Jim Irving
jirving@hornblower.com
Fri Dec 3 13:46:57 1999
I'm hoping someone can help with a nagging problem that may have
something to do with my eepro100 cards and drivers. I have a Dell
PowerEdge 4300 running RedHat Linux 6.0 (2.2 kernel?) with two
single-port eepro100 NICs. One connects to the Internet side of our
firewall and one is on our LAN. A gateway/firewall router with two
Ethernet ports is similarly connected. Our internal IP addresses are
isolated from the Internet by the router, which performs NAT (net
address translation) on outgoing requests.
The problem: Entries appear in the router's ARP table that associate the
MAC address of the Linux server's LAN-side NIC with the server's
Internet-side IP address. These entries indicate that it is accessible
through the router's Internet-side Ethernet interface. This happens for
both of two IP addresses that the server's Internet-side NIC is set to
respond to.
This prevents us from accessing the Linux server's public interface from
inside our LAN. I can delete the offending ARP entries on the router and
fix it temporarily, but the bad entries always reappear, typically after
twenty minutes (the expire time for the router's ARP entries) or so.
Based on what I know about ARP (not much), the router knows by the
destination IP address that the ARP request should be issued on its
Internet-side interface. The request is handled by the Linux server's
eepro100 driver software, not by Linux in some higher level software. It
seems that the faulty information might originate either in the router's
request or in the Linux NIC's response.
A router tech told me (predictably?) that the problem is on the Linux
side. I guess I need to do some packet analysis, but I don't have much
experience or tools for this. Does anyone out there run a similar
dual-port Linux configuration? Any info about where or how to look for
the cause would be much appreciated.
--
Jim Irving, Manager of Information Technology
Hornblower Yachts, Inc., San Francisco CA
jirving@hornblower.com