Bad ARP from dual-NIC Linux
Simon Andrew Boggis
simon@dcs.qmw.ac.uk
Sat Dec 4 21:43:42 1999
>
> A router tech told me (predictably?) that the problem is on the Linux
> side. I guess I need to do some packet analysis, but I don't have much
> experience or tools for this. Does anyone out there run a similar
> dual-port Linux configuration? Any info about where or how to look for
> the cause would be much appreciated.
>
> --
> Jim Irving, Manager of Information Technology
> Hornblower Yachts, Inc., San Francisco CA
> jirving@hornblower.com
>
I have two linux routers which each have 3 dual-port 8859 eepro cards.
Similarly to your setup, each has 1 connection to the outside world and
the other ports provide one connection per router to each of my subnets.
I had a look around at the arp tables on some of my host machines, but
I couldn't see anything wrong, neither do any of my freebsd boxes report
changes in the hardware address (as reported in a reply). Been running
for six months without problems now. Perhaps the problem is provoked by
the NAT - I do use aliasing on my boxes (more than one ip address per
interface), and I do packet filtering, but I don't do NAT or masquerading
of any sort. Or maybe the router *is* broken (: - is it possible to connect
another machine to the internet side and see what it gets in its arp tables?
Failing that, tcpdump your interfaces to see what arp packets are
doing (or use ethereal or whatever you like):
to catch all arp packets (doing this FROM your multi-NIC server):
tcpdump -i eth0 'arp'
and to filter them dow$n to just the ones that involve your interface as
source or destination:
tcpdump -i eth0 'arp host 10.0.0.1'
or
tcpdump -i eth0 'arp host interfacename'
ought to show you the packets you are interested in. You could try deleting
the arp entry and watching to see the info that gets passed.
hope that helps a little.
Simon
Simon A. Boggis Systems Programmer
Department of Computer Science,
Queen Mary and Westfield College London, E1 4NS, UK. Telephone 0171 975 5234