On 8/17/06, Luciano Ruete <luciano@xxxxxxxxxxxxx> wrote:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
>
> I will try all this tomorrow, don't have access to the box right now.
>
> About turning off ARP. If you turn them all off, wouldn't the NICs (IPs) be
> unfindable from the outside world? Or does the switch they connect to
> respond to such an ARP request as well?
What you're turning off is the device answering ARP (who-has) requests for
IPs that do not belong to that specific device itself. The IPs assigned to the
device will continue to answer as normal.
> But what you are saying is that if I had a box with 2 NICs each connected
> to a different ISP, so each NIC with a different gateway and IP. That if
> nic1 would receive an ARP request for the IP from nic2, it would respond
> with the MAC address from nic1.
exactly!
> So that could mean that all packets would come in
> over nic1, even if they have destination IP (nic2)?
Exactly, and they will arrive at their destination anyway, but they are incoming
on the wrong iface.
> Seems to me that this is
> never really desirable.
It is a really questionable default, but for sure there are reasons for
this (maybe a thread in the lkml archives could answer this question), reasons
that I do not know.
> Especially if nic2 would have a static IP and I
> would unplug nic2 on purpose.
Well, that's the other scenario where I face the same problem. First guess is
obviously the MAC cache, and you tend to think that is fucked up, and no, it is
this crossed ARP answer.
--
Luciano
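Luciano's point about what arp_ignore switches off, as an added Python model of the
decision the kernel makes for a who-has request (this is not code from the thread;
the host layout, interface names and RFC 5737 addresses are constructed):

```python
import ipaddress

# Constructed two-NIC host as in the thread: one NIC per ISP, plus the LAN side.
HOST = {
    "eth1": ["198.51.100.10/24"],   # ISP 1
    "eth2": ["203.0.113.20/24"],    # ISP 2
    "eth0": ["192.168.0.1/24"],     # LAN
}


def should_answer_arp(host, in_iface, target_ip, sender_ip, arp_ignore=0):
    """Model of the Linux arp_ignore sysctl for an ARP who-has request.

    0: answer for any local address, whatever interface the request came in on
       (the kernel default, and the 'crossed ARP answer' from the thread)
    1: answer only if the target address is configured on in_iface
    2: as 1, and the sender must also be in one of in_iface's subnets
    8: never answer
    """
    if arp_ignore not in (0, 1, 2, 8):
        raise ValueError("arp_ignore mode not modelled: %r" % arp_ignore)
    target = ipaddress.ip_address(target_ip)
    sender = ipaddress.ip_address(sender_ip)
    all_local = {ipaddress.ip_interface(a).ip for addrs in host.values() for a in addrs}
    if target not in all_local or arp_ignore == 8:
        return False
    if arp_ignore == 0:
        return True
    on_iface = [ipaddress.ip_interface(a) for a in host.get(in_iface, [])]
    if target not in {i.ip for i in on_iface}:
        return False
    if arp_ignore == 1:
        return True
    return any(sender in i.network for i in on_iface)


def crossed_arp_demo():
    """ISP 2's gateway asks who has eth2's address; with both NICs on one switch
    (the simulated setup) eth1 also sees the request. Returns the answer per mode."""
    req = dict(in_iface="eth1", target_ip="203.0.113.20", sender_ip="203.0.113.1")
    return {mode: should_answer_arp(HOST, arp_ignore=mode, **req) for mode in (0, 1, 2)}


if __name__ == "__main__":
    print(crossed_arp_demo())  # {0: True, 1: False, 2: False}
```

With mode 1, eth2 still answers for its own address on its own interface, which is why the assigned IPs stay reachable.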
Hi Luciano and Jarek,
Thanks for all your help so far.
I've had some tries on the box this weekend. Unfortunately it's not in the student complex anymore, but it will be very soon. So for now I've simulated the situation by connecting 2 NICs to a switch and that switch to a router.
This is the script I used so far, no NAT rules yet because I have no extra computer to connect to the box. It's Jarek's script completed with some hints from Luciano:

ip route add default nexthop via x.x.x.x dev eth1 onlink \
    nexthop via x.x.x.x dev eth2 onlink
ip route add 192.168.0.0/24 dev eth0 table 101
ip route add default via x.x.x.x dev eth1 table 101
ip route add 192.168.0.0/24 dev eth0 table 102
ip route add default via x.x.x.x dev eth2 table 102
ip rule add fwmark 1 table 101
ip rule add fwmark 2 table 102
iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

I am thinking if it wouldn't be better to include a src = "" in the "route add default" entries.
Of course this would go wrong if I would receive a new IP from the ISP on one of the NICs. So if it's not needed then I would rather leave it out.
I've tested the script with
It does indeed answer with eth1 for the first and eth2 for the second. It didn't do this with my other attempts. I'm not sure if this is a really valid test though.
Regards,
Jacques
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc