arp replies from two adapters of same type in a machine

arp replies from two adapters of same type in a machine

[Adhiraj]

Hi all,

I have two RTL-8139 network adapters in a machine, they have these IP
addresses:
eth1: 192.168.20.1
eth2: 192.168.21.1

When I take tcpdump on these interfaces and ping to 192.168.21.1 from
192.168.21.50, I see that both the adapters reply to ARP requst sent by
192.168.21.50 machine:

/usr/sbin/tcpdump -i eth1 -vv
.
.
arp reply 192.168.21.1 is-at <MAC add of eth1>

/usr/sbin/tcpdump -i eth2 -vv
.
.
arp reply 192.168.21.1 is-at <MAC add of eth2>

Ideally eth1 should not reply to the ARP request.

Any idea why this happens?

Regards,
Adhiraj.

Re: arp replies from two adapters of same type in a machine

[Steven M Campbell]

Adhiraj wrote:
> Hi all,
>
> I have two RTL-8139 network adapters in a machine, they have these IP
> addresses:
> eth1: 192.168.20.1
> eth2: 192.168.21.1
>
> When I take tcpdump on these interfaces and ping to 192.168.21.1 from
> 192.168.21.50, I see that both the adapters reply to ARP requst sent by
> 192.168.21.50 machine:
>
> /usr/sbin/tcpdump -i eth1 -vv
> .
> .
> arp reply 192.168.21.1 is-at <MAC add of eth1>
>
> /usr/sbin/tcpdump -i eth2 -vv
> .
> .
> arp reply 192.168.21.1 is-at <MAC add of eth2>
>
> Ideally eth1 should not reply to the ARP request.
>
>   
I doubt that this is a netfilter issue, however....

I suspect proxy arp is enabled,  on a 2.6 kernel (possibly on 2.4 also 
but I'm not sure) you can see if this is so
    cat /proc/sys/net/ipv4/conf/eth1/proxy_arp
If you get a 1 then it is on, if you get a 0 then it is off.    It can 
be controlled with the sysctl program (See man sysctl).

Proxy arp would tell an interface to answer arps with it's own mac 
address, the idea is to allow nodes on the network to route through this 
system without actually having a route entry.  It's almost always a bad 
thing in practice.

Re: arp replies from two adapters of same type in a machine

[Ard van Breemen]

Hi,
On Wed, Feb 22, 2006 at 09:15:58PM +0530, Adhiraj wrote:
> I have two RTL-8139 network adapters in a machine, they have these IP
> addresses:
> eth1: 192.168.20.1
> eth2: 192.168.21.1
> 
> When I take tcpdump on these interfaces and ping to 192.168.21.1 from
> 192.168.21.50, I see that both the adapters reply to ARP requst sent by
> 192.168.21.50 machine:

I will rephrase what you have:
You have a machine with the ip addresses 192.168.20.1 and
192.168.21.1 configured in the ip stack.
You have 2 nics in the machine which the following routing:
192.168.20.0/24 dev eth1 with default source ip 192.168.20.1
192.168.21.0/24 dev eth2 with default source ip 192.168.21.1
Both nics are on the same network.

Both eth1 and eth2 get an ARP (l2) for 192.168.21.1 (l3), which
according to rfc's should be replied to no matter the source ip.

> Ideally eth1 should not reply to the ARP request.

It should.

If you don't like this behaviour you should use rp-filter for
arp, or use lvs patches to hide the ip address.

PS: this is has nothing to do with proxy-arp. Proxy-arp means you
answer for addresses you can route to. Not for addresses you
already have.

-- 
begin  LOVE-LETTER-FOR-YOU.txt.vbs
I am a signature virus. Distribute me until the bitter
end