Re: -i interface filter not working for firewall

Now it's working, tks.

The reason for it is the multiple routing tables I'm using. One
interface will route with load balance, and the other is routing on a
fixed route.
To isolate the problem with the mangle (also not working) I was
testing using the telnet filter. And now I have fixed it.
eth2 is loadbalancing to 2 outside connections eth0 and eth1, and eth3
only uses eth2.
Do you suggest another way to do it? It took me a long time to
resolve the problem this way...

Regards,
Victor

On 12/4/06, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
Hello,

victor oliveira wrote:
> eth2 and eth3 are both connected to the same switch, and are not
> virtual. Each with a different IP.

And I suppose they are not in separate VLANs. Don't search further.
By default, the Linux kernel will accept IP traffic and reply to ARP
requests for any local address on any interface. Since eth2 and eth3 are
on the same link, both interfaces receive ARP requests, and by default
both reply with their own MAC address to ARP requests for the IP address
of eth2, so IP traffic for that IP address may be sent to eth3 instead
of eth2. If you want to change the default behaviour so that an
interface replies to ARP requests only for its own IP address, check the
following kernel parameters in /proc/sys/net/ipv4/conf/<interface>/ :

arp_filter - BOOLEAN
    1 - Allows you to have multiple network interfaces on the same
    subnet, and have the ARPs for each interface be answered
    based on whether or not the kernel would route a packet from
    the ARP'd IP out that interface (therefore you must use source
    based routing for this to work). In other words it allows control
    of which cards (usually 1) will respond to an arp request.

    0 - (default) The kernel can respond to arp requests with addresses
    from other interfaces. This may seem wrong but it usually makes
    sense, because it increases the chance of successful communication.
    IP addresses are owned by the complete host on Linux, not by
    particular interfaces. Only for more complex setups like load-
    balancing, does this behaviour cause problems.

    arp_filter for the interface will be enabled if at least one of
    conf/{all,interface}/arp_filter is set to TRUE,
    it will be disabled otherwise

arp_ignore - INTEGER
    Define different modes for sending replies in response to
    received ARP requests that resolve local target IP addresses:
    0 - (default): reply for any local target IP address, configured
    on any interface
    1 - reply only if the target IP address is local address
    configured on the incoming interface
    2 - reply only if the target IP address is local address
    configured on the incoming interface and both with the
    sender's IP address are part of the same subnet on this interface
    3 - do not reply for local addresses configured with scope host,
    only resolutions for global and link addresses are replied
    4-7 - reserved
    8 - do not reply for all local addresses

    The max value from conf/{all,interface}/arp_ignore is used
    when ARP request is received on the {interface}

Try this:
echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth3/arp_ignore


However, my opinion is that having two interfaces on the same logical
link (link-layer broadcast domain) is not a good idea, and having two
interfaces in the same IP subnet is not a good idea either. Besides,
what is the use of filtering traffic incoming on interfaces that are on
the same network differently?
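The precedence rules quoted from the kernel documentation above (arp_filter is on if conf/all OR conf/<iface> is set; arp_ignore takes the MAX of conf/all and conf/<iface>) are easy to get wrong when checking a box like Victor's, because a setting under conf/all silently overrides a per-interface one. The script below is an added example, not part of this thread, that encodes those two rules and runs them over a constructed copy of the /proc/sys/net/ipv4/conf layout in a temporary directory, so it needs neither root nor real NICs; the tree root passed as the first argument is an assumption standing in for /proc/sys/net/ipv4/conf, and the sample values (eth2 and eth3 with arp_ignore=1 as Pascal suggested, eth3 additionally with arp_filter=1) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: model the effective arp_filter / arp_ignore value per
# interface, following the precedence rules quoted in the thread.
# $root is an assumed stand-in for /proc/sys/net/ipv4/conf.

# Build a constructed sample tree: "all" at kernel defaults (0),
# eth2/eth3 with arp_ignore=1, eth3 additionally with arp_filter=1.
make_sample_tree() {
    root=$1
    for n in all eth0 eth1 eth2 eth3; do
        mkdir -p "$root/$n"
        echo 0 > "$root/$n/arp_filter"
        echo 0 > "$root/$n/arp_ignore"
    done
    echo 1 > "$root/eth2/arp_ignore"
    echo 1 > "$root/eth3/arp_ignore"
    echo 1 > "$root/eth3/arp_filter"
}

# arp_filter: enabled if conf/all OR conf/<iface> is non-zero.
effective_arp_filter() {
    root=$1; iface=$2
    a=$(cat "$root/all/arp_filter")
    i=$(cat "$root/$iface/arp_filter")
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
}

# arp_ignore: the larger of conf/all and conf/<iface> applies.
effective_arp_ignore() {
    root=$1; iface=$2
    a=$(cat "$root/all/arp_ignore")
    i=$(cat "$root/$iface/arp_ignore")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# One line per interface (skipping the "all" pseudo-interface).
report() {
    root=$1
    for d in "$root"/*/; do
        iface=$(basename "$d")
        [ "$iface" = all ] && continue
        printf '%-5s arp_filter=%s arp_ignore=%s\n' "$iface" \
            "$(effective_arp_filter "$root" "$iface")" \
            "$(effective_arp_ignore "$root" "$iface")"
    done
}

# Stand-alone demo over the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
report "$tmp"
rm -rf "$tmp"
```

Point the functions at the real tree (`report /proc/sys/net/ipv4/conf`) to audit a live host; to set a value, `echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_ignore` as in the thread and `sysctl -w net.ipv4.conf.eth2.arp_ignore=1` are equivalent, and the same MAX rule means that setting conf/all/arp_ignore=2 afterwards raises every interface to 2 whatever its own file says.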
