Re: changing ethernet devices, new one stops cold at iptables

Gene Heskett wrote:
Greetings;

Newbie to this list, old fart in Linux and body here. Been running Linux since RH-5.1, and am in my 69th year here.

This is long, but I've tried to include all pertinent data.

I've just had a puzzling 4 hours. This is a new mobo, a Biostar M7NCD-Pro, with an onboard ethernet device built into the nFORCE2 chip set on this board. This uses the forcedeth driver.

Kernel is 2.6.8-rc2, on a synaptic FC1 updated system.

With everything set up identically to what is now fully working for a D-Link/Realtek RTL-8139too EXCEPT the driver (switched to forcedeth) and the MAC address (which on this mobo has to be manually assigned in the BIOS; it is not hard coded in the chipset), any network packet sent through the usual gateway etc. to my firewall box (which has 2 NICs in it, on 2 different 192.168.x.x subnets) stops at the iptables linking the 2 NICs together in the firewall box.

I can ping the firewall, and I can ssh into it, so that part of the network is fine, I just cannot get past iptables in the firewall when eth0 is the nforce hardware, which has a different MAC address.

The firewall box can browse the net, and an old 233mhz P2 in the shop can browse the net, all 3 plugged into an 8 port netgear switch on the local side of the firewall.

There's a Linksys 4 port + WAN router on the internet side of the firewall, WAN port fed by a westell dsl modem, all on verizon.net.

To prove the point, I just re-installed the D-Link 311 card, used redhat-config-network to destroy the old eth0, and built a new one using exactly the same ip addresses and masks, dns, host, etc etc, and was back on the net in about 10 minutes from powerup.

From this, I have to assume that somehow iptables-1.2.7 (not updateable without a lot of dependency hell; it's a RH7.3 box and I don't normally fix what ain't broke, currently 78 days uptime), while not claiming to be MAC sensitive, apparently must be from all available clues. AFAIK, there are no rules mentioning the MAC of anything there.

The problem then is how do I fix it, or make it renew its ARP table data (or make arp renew its data maybe) so that I can free up that PCI slot and use the on-board nForce2 ethernet? FWIW, when pinging the firewall, it's nearly 2x faster than the Realtek. Lots less latency.

Any advice will be gratefully applied.

One thing I haven't tried is to reset the MAC address for the nForce2 ethernet to match the D-Link's hardware address. Is it worth a try just to prove the point?


I'd think so. It's a two-minute test to verify that the problem is related to the MAC address of the NIC in the firewall. You may also want to add a LOG target to all the chains in your firewall to match on the original MAC address so you can see what your iptables code is doing with the packet.


HTH
Neil

--
/***************************************************
 *Neil Horman
 *Software Engineer
 *Red Hat, Inc.
 *nhorman@redhat.com
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***************************************************/
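The LOG-by-MAC diagnostic Neil describes, as an added example that is not from the thread: it prints the iptables commands to insert a logging rule keyed on a source MAC, then shows how to read the resulting kernel log lines back, with the MAC addresses, interfaces and log lines being constructed sample data. Note that the `mac` match is only valid in the PREROUTING, INPUT and FORWARD chains, so OUTPUT cannot be matched this way.

```shell
#!/bin/sh
# Added example (not from the thread). All MACs, interfaces and log lines
# below are constructed sample data.

# Print "iptables -I <chain> 1 ..." commands that log (without dropping)
# every packet whose source MAC is $1. -m mac only works in PREROUTING,
# INPUT and FORWARD; the firewall's own replies in OUTPUT are not covered.
mac_log_rules() {
    for chain in INPUT FORWARD; do
        printf 'iptables -I %s 1 -m mac --mac-source %s -j LOG --log-prefix "%s: "\n' \
            "$chain" "$1" "$chain"
    done
}

# Source MAC from one LOG line. The MAC= field is dst(6):src(6):ethertype(2),
# so the source address is colon-separated fields 7 through 12.
log_src_mac() {
    printf '%s\n' "$1" | sed -n 's/.*MAC=\([^ ]*\).*/\1/p' |
        awk -F: '{ s = $7; for (i = 8; i <= 12; i++) s = s ":" $i; print s }'
}

# List the chains (by --log-prefix) in log text $1 that saw packets from
# source MAC $2. A MAC seen in INPUT but never in FORWARD is reaching the
# firewall itself but is not being relayed between its two NICs.
chains_seen() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in *MAC=*) ;; *) continue ;; esac
        [ "$(log_src_mac "$line")" = "$2" ] || continue
        printf '%s\n' "$line" | sed -n 's/.*kernel: \([A-Z]*\): IN=.*/\1/p'
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed kernel log lines in the format the LOG target produces.
SAMPLE_LOG='Aug  1 12:00:01 fw kernel: INPUT: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:30:65:11:22:33:08:00 SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8
Aug  1 12:00:02 fw kernel: FORWARD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:30:65:11:22:33:08:00 SRC=192.168.1.10 DST=10.0.0.1 PROTO=TCP DPT=80
Aug  1 12:00:03 fw kernel: FORWARD: IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:cc:00:50:ba:44:55:66:08:00 SRC=192.168.1.20 DST=10.0.0.1 PROTO=TCP DPT=80'

mac_log_rules 00:30:65:11:22:33
chains_seen "$SAMPLE_LOG" 00:30:65:11:22:33   # prints: FORWARD INPUT
chains_seen "$SAMPLE_LOG" 00:50:ba:44:55:66   # prints: FORWARD
```

Run the printed commands on the firewall as root, then watch the kernel log (dmesg or /var/log/messages) while pinging through it from the nForce2 interface.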