celttechie (Brian Jarrett) celttechie at yahoo.com
Thu Feb 22 09:10:52 MST 2001

There was an issue recently reported by (I believe) Gary to the BLUG regarding Linux boxes not responding on the network.

I now have something similar happening with my Linux firewall, although through some packet sniffing I know what's happening on the network, just not what is happening inside Linux.

I have a firewall that has both interfaces on the same physical network.  When a Windows machine sends an ARP request for the internal interface, the Linux machine responds with ARP replies from BOTH interfaces.  The reply from the external interface comes second, which is the last update to the workstation's ARP and happens to be incorrect.  The workstation uses this information to try and hit the internal interface but the packets go to the wrong NIC and get dropped.

Now I know that my problem would be solved if I didn't have both of my interfaces on the same physical network, but the question remains:  "Why is my Linux box sending ARP replies from both interfaces?"

One other note:  This didn't seem to start happening until I loaded SSH 2 on the Linux firewall.  Was some code added during that install that has an ARP bug in it?

Any ideas?

Maybe this is what Gary is getting also.
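
The symptom described in this post (two ARP replies for one IP, with the later one overwriting the workstation's cache) can be confirmed from a packet capture. The following is an added example, not part of the original post; the MAC and IP addresses are constructed sample values and the function names are hypothetical.

```python
import struct

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame (used only to construct sample data)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet/IPv4, opcode 2 = reply
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4-over-Ethernet ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, 2):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def analyze(frames):
    """Replay frames in capture order; return (final_cache, conflicts)."""
    cache, seen = {}, {}
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        ip, mac = parsed
        if mac not in seen.setdefault(ip, []):
            seen[ip].append(mac)
        cache[ip] = mac  # last reply wins, as the post describes
    conflicts = {ip: macs for ip, macs in seen.items() if len(macs) > 1}
    return cache, conflicts

# Constructed sample: both firewall NICs answer for the internal IP.
WORKSTATION = "00:00:5e:00:53:10"
INTERNAL_MAC = "00:00:5e:00:53:01"
EXTERNAL_MAC = "00:00:5e:00:53:02"
SAMPLE = [
    build_arp_reply(INTERNAL_MAC, "192.0.2.1", WORKSTATION, "192.0.2.50"),
    build_arp_reply(EXTERNAL_MAC, "192.0.2.1", WORKSTATION, "192.0.2.50"),
]

if __name__ == "__main__":
    cache, conflicts = analyze(SAMPLE)
    for ip, macs in conflicts.items():
        print(f"{ip} answered by {macs}; cache ends with {cache[ip]}")
```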

