[lug] ARP problems with Linux...

Michael J. Pedersen marvin at keepthetouch.org
Thu Feb 22 10:39:52 MST 2001

On Thu, Feb 22, 2001 at 09:10:52AM -0700, celttechie (Brian Jarrett) wrote:
> I have a firewall that has both interfaces on the same physical network.  When a windows machine sends an ARP request for the internal interface, the Linux machine responds with ARP replies from BOTH interfaces.  The reply from the external interface comes second, which is the last update to the workstation's ARP and happens to be incorrect.  The workstation uses this information to try and hit the internal interface but the packets go to the wrong NIC and get dropped.

That sounds suspiciously like what I was having happen, though I didn't dig
around with a sniffer at all. I just split the two logical networks into two
physical networks. Lo and behold, my windows machine stopped crashing on me
every 15 minutes. I'm happier now, though I've still ditched Windows entirely
as far as any networking goes. I keep a partition loaded for some games, but
even those don't see much action any more.

> Now I know that my problem would be solved if I didn't have both of my interfaces on the same physical network, but the question remains:  "Why is my Linux box sending ARP replies from both interfaces?"

Personal guess (and likely to be wrong): The arp request is to say who has a
given address, and going to both nics. Linux sees that it has the address, and
responds on both nics. Hence, Windows sees two replies to one request, and (if
your setup is like mine), gives bad screen around then.

> One other note:  This didn't seem to start happening until I loaded SSH 2 on the Linux firewall.  Was some code added during that install that has an ARP bug in it?

Not that I know of. As far as I know, ssh is up on tcp, much higher than an
arp request would go.

Michael J. Pedersen
My GnuPG KeyID: 4E724A60        My Public Key Available At: wwwkeys.pgp.net
My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
GnuPG available at http://www.gnupg.org

More information about the LUG mailing list