* [LARTC] Snat Mac address changing
@ 2003-04-05 18:06 Chris K Ellsworth
2003-04-05 18:36 ` Martin A. Brown
2003-04-05 21:39 ` Chris K Ellsworth
0 siblings, 2 replies; 3+ messages in thread
From: Chris K Ellsworth @ 2003-04-05 18:06 UTC
To: lartc
OK, I have a program called arpwatch on the network, which monitors ARP/IP matching;
it sees that the public side of the SNAT box has its MAC address switch
between the public and private interface.
Here I tried to provide most of the information that I can think of.

iptables v1.2.7a:
____________________
Linux ns.highlandshighspeed.net 2.4.19-gentoo-r10 #5 Sun Mar 9 16:53:57 PST 2003 i686 Intel(R) Pentium(R) 4 CPU 1.60GHz GenuineIntel GNU/Linux
_____________________________
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 198.31.174.56
__________________________
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere           to:198.31.174.56

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
__________________________
eth0      Link encap:Ethernet  HWaddr 00:04:75:A0:DE:59
          inet addr:a.b.c.d  Bcast:198.31.174.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18320637 errors:0 dropped:0 overruns:1 frame:0
          TX packets:18395481 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3151929956 (3005.9 Mb)  TX bytes:4285940372 (4087.3 Mb)
          Interrupt:11 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:04:75:A0:DD:F9
          inet addr:A.B.C.D  Bcast:192.168.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20321245 errors:0 dropped:0 overruns:5 frame:0
          TX packets:18611116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:768762048 (733.1 Mb)  TX bytes:3808977459 (3632.5 Mb)
          Interrupt:10 Base address:0xe800
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Snat Mac address changing
From: Martin A. Brown @ 2003-04-05 18:36 UTC
To: lartc
Chris,

What does the physical interconnection of cables look like?
Where is the arpwatch daemon?
Do you have your public network and private network connected to
the same hub/switch?

Could you give us a bit of ASCII art to show the configuration?

Judging from the symptoms, the only logical explanation I can imagine is
as follows. You have your public and private networks connected to the
same medium (hub/switch). Now, when a host on this network makes an ARP
request for 198.31.174.56, it might get two answers.

From any other box on the network try the following command:

  # arping -I eth0 -c 3 198.31.174.56

See here for an explanation of ARP flux, if this is your problem:

  http://linux-ip.net/html/ether-arp.html#ether-arp-flux

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
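
Added example, not part of the original thread: a shell check that reads the output of the arping command suggested above and reports whether more than one MAC address answered for the same IP, which is the ARP flux symptom this reply describes. It assumes the iputils arping reply format ("Unicast reply from IP [MAC] time"); the function names and the sample output (built from the two HWaddr values posted in the thread, with a made-up source address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ARP flux from iputils-style arping output on stdin.
# Assumption: reply lines look like "Unicast reply from <ip> [<mac>]  <time>".

# Print each distinct MAC (uppercased) that answered for IP $1, one per line.
replying_macs() {
    awk -v ip="$1" '
        /reply from/ {
            for (i = 1; i <= NF - 2; i++)
                if ($i == "from" && $(i + 1) == ip) {
                    mac = toupper($(i + 2))
                    gsub(/\[|\]/, "", mac)          # strip the [ ] around the MAC
                    if (!(mac in seen)) { seen[mac] = 1; print mac }
                }
        }'
}

# Print a one-line verdict. Returns 1 when several MACs answered for the
# same IP (ARP flux or a duplicate address), 0 otherwise.
check_arp_flux() {
    ip=$1
    macs=$(replying_macs "$ip")
    count=$(printf '%s\n' "$macs" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -gt 1 ]; then
        # Unquoted $macs on purpose: joins the lines with single spaces.
        echo "FLUX $ip answered by $count MACs: $(echo $macs)"
        return 1
    fi
    echo "OK $ip answered by ${macs:-no host}"
}

# Constructed sample: replies seen when both NICs of the NAT box answer.
sample_flux() {
    cat <<'EOF'
ARPING 198.31.174.56 from 198.31.174.10 eth0
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.712ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.745ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.698ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)
EOF
}

# Demo on the constructed sample; on a live network, pipe real output in:
#   arping -I eth0 -c 3 198.31.174.56 | check_arp_flux 198.31.174.56
sample_flux | check_arp_flux 198.31.174.56 || true
```
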
* Re: [LARTC] Snat Mac address changing
From: Chris K Ellsworth @ 2003-04-05 21:39 UTC
To: lartc
That does sound reasonable on what is happening.
Thx for the help.

NAT ===Switch-----switch -----arpwatch

= two cables
- one cable

Also GIF version @
http://www.highlandshighspeed.net/images/network.gif