I solved it. Just enable arp_filter to prevent ARP flux:

    sysctl -w net.ipv4.conf.all.arp_filter=1

More info can be found at:
http://linux-ip.net/html/ether-arp.html#ether-arp-flux

The logs in /var/log/messages came from iptables, so just disable it.

On Tue, Jun 9, 2009 at 3:33 PM, giobuon@xxxxxxxxx <giobuon@xxxxxxxxx> wrote:
> Hi list,
> I have a question, not really about squid, but I think someone may have
> solved it before, so I am posting it here in the hope of getting the
> solution. I'm sorry if it bothers you.
> I am trying to install a squid box based on the newest Debian amd64 to
> become a transparent proxy. I have two NICs on the box. Both of them and
> the rest of the LAN + router connect to the same switch. The topology is:
>
>        NIC 1 ---------- Sw ---------- LAN
> SQUID                   it
>        NIC 2 ---------- ch ---------- Router ---------- Internet
>
> NIC 1 and NIC 2 are on different subnets. (NIC 1 on the LAN subnet,
> NIC 2 on the router subnet)
>
> The problem is: when I send an ARP request from one host in the LAN to
> NIC 1, I always get the MAC address of NIC 2. Wireshark made it clearer:
> both NICs respond to the request, each with its own MAC address. And I
> have some stranger problems: some hosts on the LAN are disconnected from
> the Web (still ping, still ssh... but no web, maybe it is a squid
> misconfiguration, I'm not sure) for a while. /var/log/messages is full
> of logs on any ARP broadcast from the LAN. I tried Google and guess it
> is something ppl call ARP flux, but I am unsure.
> Do you have any idea about that?
> Thanks for any help.
> -giobuon
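A way to check the setting from the reply on a multi-homed box, as an added example that is not part of the original thread: the kernel applies arp_filter to an interface when either conf/all/arp_filter or conf/<iface>/arp_filter is 1, so the audit below lists interfaces where neither is set. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list interfaces that can still answer
# ARP for addresses on other interfaces because arp_filter is not in effect.

# arp_filter_effective CONF_ROOT IFACE
# Prints 1 if arp_filter applies to IFACE, else 0. The kernel ORs the
# "all" value with the per-interface value.
arp_filter_effective() {
    root=$1; iface=$2
    all=$(cat "$root/all/arp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/$iface/arp_filter" 2>/dev/null || echo 0)
    if [ "$all" = "1" ] || [ "$own" = "1" ]; then echo 1; else echo 0; fi
}

# arp_flux_audit [CONF_ROOT]
# Prints a space-separated list of interfaces without arp_filter and
# returns 1 if there are any; prints nothing and returns 0 otherwise.
# CONF_ROOT defaults to the live kernel tree.
arp_flux_audit() {
    root=${1:-/proc/sys/net/ipv4/conf}
    exposed=""
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, and loopback does no ARP
        case $iface in all|default|lo) continue ;; esac
        if [ "$(arp_filter_effective "$root" "$iface")" != "1" ]; then
            exposed="${exposed:+$exposed }$iface"
        fi
    done
    if [ -z "$exposed" ]; then
        return 0
    fi
    echo "$exposed"
    return 1
}

# Usage on a live system (after sourcing this file):
#   arp_flux_audit || echo "arp_filter not in effect on the interfaces above"
```

A value set with sysctl -w is lost at reboot; adding net.ipv4.conf.all.arp_filter = 1 to /etc/sysctl.conf keeps it.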