giobuon@xxxxxxxxx wrote:
Hi list,
I have a question, not really about squid but I think someone maybe
solved it before, so I post it here to hope to get the solution. I'm
sorry if it bother you.
I trying install a squid box based on newest debian amd64 to become
transparent proxy. I have two NIC on box. Both of them and the rest of
LAN + router connect to same switch. The topo is:
NIC1-----------------------------------Sw------------------------LAN
SQUID it
NIC 2----------------------------------ch-----------------------Router--------------------------Internet
NIC1 and NIC 2 on different subnet. (NIC 1 on LAN subnet, NIC 2 on
router subnet)
The problem is: when I send a ARP request from one host in LAN to NIC
1 I always get MAC address of NIC 2. Wireshark gave it more clear:
Both of NIC response to request with its own MAC address.
You have two choices. One, just connect one network cable from your
Squid box to your switch. As you've noticed, both NICs will respond to
ARP requests for any IP addressed assigned on the box.
The other option is adding the following lines to /etc/sysctl.conf (from
http://www.ultramonkey.org/3/topologies/sl-ha-lb-eg.html)...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 1
...assuming NIC 2 is configured as eth1. This should prevent eth1 from
answering ARP requests for IP addresses that are not assigned to it.
And I have some stranger problems: Some host on LAN disconnected to the Web
(still ping, still ssh... but no web, maybe it is squid
misconfiguration, I'm not sure) for a while.
Fix the ARP problem, see if that solves the other issues.
/var/log/messages full of
logs on any ARP broadcast from the LAN. I try google and guess it is
something ppl called arp flux, but unsure.
Have you got any idea about that.
Thanks for any helping.
-giobuon
Chris
