that does sound reasonable on what is happening. thx for the help.

NAT =====Switch-----switch -----arpwatch
= two cables
- one cable

also gif version @ http://www.highlandshighspeed.net/images/network.gif

----- Original Message -----
From: "Martin A. Brown" <mabrown-lartc@xxxxxxxxxxxxxx>
To: "Chris K Ellsworth" <cke@xxxxxxxxxxxxxxxxxxxxxx>
Cc: "LARTC" <lartc@xxxxxxxxxxxxxxx>
Sent: Saturday, April 05, 2003 10:36 AM
Subject: Re: [LARTC] Snat Mac address changing

> Chris,
>
> What does the physical interconnection of cables look like?
> Where is the arpwatch daemon?
> Do you have your public network and private network connected to
> the same hub/switch?
>
> Could you give us a bit of ASCII art to show the configuration?
>
> Judging from the symptoms, the only logical explanation I can imagine is
> as follows. You have your public and private networks connected to the
> same medium (hub/switch). Now, when a host on this network makes an ARP
> request for 198.31.174.56, it might get two answers.
>
> From any other box on the network try the following command:
>
> # arping -I eth0 -c 3 198.31.174.56
>
> See here for an explanation of ARP flux, if this is your problem:
>
> http://linux-ip.net/html/ether-arp.html#ether-arp-flux
>
> Good luck,
>
> -Martin
>
> : ok i have a program called arpwatch on the network, monitors arp/ipmatching,
> : it sees that the public side of the Snat box has its mac address switch
> : between the public and private interface.
> : here i tried to provide most the information that i can think of.
> :
> : iptables v1.2.7a:
> : ____________________
> : Linux ns.highlandshighspeed.net 2.4.19-gentoo-r10 #5 Sun Mar 9 16:53:57 PST
> : 2003
> : i686 Intel(R) Pentium(R) 4 CPU 1.60GHz GenuineIntel GNU/Linux
> : _____________________________
> : /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
> : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 198.31.174.56
> : __________________________
> : Chain PREROUTING (policy ACCEPT)
> : target     prot opt source               destination
> :
> : Chain POSTROUTING (policy ACCEPT)
> : target     prot opt source               destination
> : SNAT       all  --  anywhere             anywhere           to:198.31.174.56
> :
> : Chain OUTPUT (policy ACCEPT)
> : target     prot opt source               destination
> : __________________________
> : eth0      Link encap:Ethernet  HWaddr 00:04:75:A0:DE:59
> :           inet addr:a.b.c.d  Bcast:198.31.174.255  Mask:255.255.255.0
> :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> :           RX packets:18320637 errors:0 dropped:0 overruns:1 frame:0
> :           TX packets:18395481 errors:0 dropped:0 overruns:0 carrier:0
> :           collisions:0 txqueuelen:100
> :           RX bytes:3151929956 (3005.9 Mb)  TX bytes:4285940372 (4087.3 Mb)
> :           Interrupt:11 Base address:0xe400
> :
> : eth1      Link encap:Ethernet  HWaddr 00:04:75:A0:DD:F9
> :           inet addr:A.B.C.D  Bcast:192.168.33.255  Mask:255.255.255.0
> :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> :           RX packets:20321245 errors:0 dropped:0 overruns:5 frame:0
> :           TX packets:18611116 errors:0 dropped:0 overruns:0 carrier:0
> :           collisions:0 txqueuelen:100
> :           RX bytes:768762048 (733.1 Mb)  TX bytes:3808977459 (3632.5 Mb)
> :           Interrupt:10 Base address:0xe800
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
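
Added example, not part of the original thread: a shell function that reads the output of the arping command suggested above and reports whether more than one MAC answered for the address, which is the ARP flux symptom arpwatch was reporting. The sample arping output is constructed and assumes the iputils arping reply format; the two MACs are the eth0 and eth1 addresses from the ifconfig listing in the thread.

```shell
#!/bin/sh
# MACs of the NAT box, from the ifconfig output quoted in the thread.
ETH0_MAC="00:04:75:A0:DE:59"   # eth0, public side
ETH1_MAC="00:04:75:A0:DD:F9"   # eth1, private side

# Constructed sample: both interfaces answer the broadcast probe.
sample_flux() {
cat <<'EOF'
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.702ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.731ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.688ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.695ms
Sent 3 probes (1 broadcast(s))
Received 4 response(s)
EOF
}

# Constructed sample: only the public interface answers.
sample_clean() {
cat <<'EOF'
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.702ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.688ms
EOF
}

# Read arping output on stdin, print each distinct replying MAC with its
# reply count and which interface it belongs to, and return 1 when more
# than one MAC answered for the address.
flux_check() {
    awk -v e0="$ETH0_MAC" -v e1="$ETH1_MAC" '
        /reply from/ {
            # The MAC is the bracketed field: "reply from IP [MAC]  time"
            if (match($0, /\[[0-9A-Fa-f:]+\]/)) {
                mac = toupper(substr($0, RSTART + 1, RLENGTH - 2))
                if (!(mac in seen)) order[++n] = mac
                seen[mac]++
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                m = order[i]
                label = (m == e0) ? "eth0 (public)" : ((m == e1) ? "eth1 (private)" : "unknown host")
                printf "%s  replies=%d  %s\n", m, seen[m], label
            }
            exit (n > 1)
        }'
}

sample_flux | flux_check || echo "ARP flux: more than one MAC answers for this IP"
```

On a live segment, pipe the real probe into it from another host: `arping -I eth0 -c 3 198.31.174.56 | flux_check`.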