On 2020-02-01 12:40, Samuel Sieb wrote: > On 1/31/20 8:33 PM, Ed Greshko wrote: >> On 2020-02-01 06:16, Samuel Sieb wrote: >>> An ARP lookup is only done on sending, not receiving. >> >> Humm.... That appears to be incorrect. > > [snip arp test] > > You're missing an important piece. When you make a tcp connection, the target computer has to send packets back, so needs to arp. In the OP's case, the sending IP address is not on the local subnet, so to send a reply, the targeted computer has to arp the gateway to send a reply. In your example, all the computers are on the same subnet. Yes, but if the packets aren't coming via the firewall as the OP contends (and he hasn't revealed if the fw and gware one and the same) then it must be coming from a rogue system with an alternate internet connection. If that rogue system is also on the same LAN then the targeted system needs to know the ARP address ofwhere to send the rejection packets. It has been close to 15 years, but we had that situation at a company I worked at. When the company was bought by British Telecom they installed their networking and firewall with restrictions that chaffed atone department. One restriction being that the firewall would not allow incoming connections. They wantedtheir remote workers to be able to telnet in. VPN wasn't an option either. But the folks in that department had enough weight that they were able to order a circuit from Chungwa Telecom for their own use without BT's knowledge. They "goofed" and packets from their connection found their way onto the BT side. I'm pretty sure we tracked down what happened using arp to some degree. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx