Hello,

On Fri, 29 Nov 2002, Janssen Alexander wrote:

> ip route add 10.1.56.222 dev eth1 # Router1
> ip route add 10.1.56.193 dev eth0 # Workstation1
> # every Workstation has its own table
> ip rule add from 10.1.56.193 table 193
> ip route add default via 10.1.56.222 dev eth1 table 193
>
> In my understanding the firewall should not answer to
> arp-whois requests for IP 10.1.56.193 on interface eth0.
> Or did I get it wrong?

Yes

Maybe only one missing line to be happy with medium_id:

    ip rule add prio 100 table main

Explanation: I see only the table for .193 but I assume there are other similar tables, you have asymmetric routing configured when it should not be this way.

What happens: A and B are on same LAN, Host A resolves B:

    who-has B tell A

firewall:

Q: I see probe "who-has B tell A" on dev X. Where points the route from A to B?

A: There is route "from A to 0/0 => Forward via DEV Y". Well, X != Y, they have different medium_id values => answer this ARP probe on DEV X.

The problem is that you have routes in this order (ip rule show):

    from A to 0/0 => DEV Y (table A)
    from 0/0 to B => DEV X (table main)

You need to inspect the main table first.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
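The rule-order problem described in the reply above, as an added Python model (not part of the original mail and not kernel code). It walks the policy rules in priority order and applies the "different medium_id => answer" decision from the explanation. Host 10.1.56.194, table 194, the medium_id values and the per-source rule priorities are assumptions made for the illustration.

```python
import ipaddress

# Assumed medium_id values (not given in the thread).
MEDIUM_ID = {"eth0": 1, "eth1": 2}

# Routing tables as (destination prefix, output device). Host 10.1.56.194 and
# table 194 are constructed, mirroring the per-workstation table 193 in the mail.
TABLES = {
    "main": [("10.1.56.222/32", "eth1"),
             ("10.1.56.193/32", "eth0"),
             ("10.1.56.194/32", "eth0")],
    "193": [("0.0.0.0/0", "eth1")],
    "194": [("0.0.0.0/0", "eth1")],
}

# Rules as (priority, source selector, table). 32766 is the built-in main rule;
# the per-source priorities are illustrative, they only need to sort before it.
RULES_BEFORE = [(32764, "10.1.56.194/32", "194"),
                (32765, "10.1.56.193/32", "193"),
                (32766, "0.0.0.0/0", "main")]
# Effect of: ip rule add prio 100 table main
RULES_AFTER = [(100, "0.0.0.0/0", "main")] + RULES_BEFORE

def lookup(rules, src, dst):
    """Return (table, device) from the first matching rule whose table routes dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue
        # Longest-prefix match inside the selected table.
        hits = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]
                if dst in ipaddress.ip_network(p)]
        if hits:
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None, None

def answers_arp(rules, in_dev, sender, target):
    """True if 'who-has target tell sender' seen on in_dev would be answered."""
    _table, out_dev = lookup(rules, sender, target)
    return out_dev is not None and MEDIUM_ID[in_dev] != MEDIUM_ID[out_dev]

if __name__ == "__main__":
    probe = ("eth0", "10.1.56.194", "10.1.56.193")  # who-has .193 tell .194 on eth0
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(name, lookup(rules, probe[1], probe[2]), answers_arp(rules, *probe))
```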