From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Martin A. Brown"
Date: Sat, 05 Apr 2003 18:36:19 +0000
Subject: Re: [LARTC] Snat Mac address changing
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Chris,

What does the physical interconnection of cables look like? Where is the
arpwatch daemon? Do you have your public network and private network
connected to the same hub/switch? Could you give us a bit of ASCII art to
show the configuration?

Judging from the symptoms, the only logical explanation I can imagine is as
follows. You have your public and private networks connected to the same
medium (hub/switch). Now, when a host on this network makes an ARP request
for 198.31.174.56, it might get two answers.

From any other box on the network try the following command:

  # arping -I eth0 -c 3 198.31.174.56

See here for an explanation of ARP flux, if this is your problem:

  http://linux-ip.net/html/ether-arp.html#ether-arp-flux

Good luck,

-Martin

 : ok i have a program called arpwatch on the network, monitors arp/ipmatching,
 : it sees that the public side of the Snat box has its mac address switch
 : between the public and private interface.
 : here i tried to provide most the information that i can think of.
 :
 : iptables v1.2.7a:
 : ____________________
 : Linux ns.highlandshighspeed.net 2.4.19-gentoo-r10 #5 Sun Mar 9 16:53:57 PST
 : 2003
 : i686 Intel(R) Pentium(R) 4 CPU 1.60GHz GenuineIntel GNU/Linux
 : _____________________________
 : /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
 : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 198.31.174.56
 : __________________________
 : Chain PREROUTING (policy ACCEPT)
 : target     prot opt source               destination
 :
 : Chain POSTROUTING (policy ACCEPT)
 : target     prot opt source               destination
 : SNAT       all  --  anywhere             anywhere           to:198.31.174.56
 :
 : Chain OUTPUT (policy ACCEPT)
 : target     prot opt source               destination
 : __________________________
 : eth0      Link encap:Ethernet  HWaddr 00:04:75:A0:DE:59
 :           inet addr:a.b.c.d  Bcast:198.31.174.255  Mask:255.255.255.0
 :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 :           RX packets:18320637 errors:0 dropped:0 overruns:1 frame:0
 :           TX packets:18395481 errors:0 dropped:0 overruns:0 carrier:0
 :           collisions:0 txqueuelen:100
 :           RX bytes:3151929956 (3005.9 Mb)  TX bytes:4285940372 (4087.3 Mb)
 :           Interrupt:11 Base address:0xe400
 :
 : eth1      Link encap:Ethernet  HWaddr 00:04:75:A0:DD:F9
 :           inet addr:A.B.C.D  Bcast:192.168.33.255  Mask:255.255.255.0
 :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 :           RX packets:20321245 errors:0 dropped:0 overruns:5 frame:0
 :           TX packets:18611116 errors:0 dropped:0 overruns:0 carrier:0
 :           collisions:0 txqueuelen:100
 :           RX bytes:768762048 (733.1 Mb)  TX bytes:3808977459 (3632.5 Mb)
 :           Interrupt:10 Base address:0xe800

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
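
The arping test suggested in the message above can be scripted so that "two answers" is decided mechanically. This is an added example, not part of the original post: it assumes iputils-style arping reply lines, the function names are hypothetical, and the sample output is constructed from the two HWaddr values quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): flag ARP flux in arping output.
# Assumes iputils-style reply lines; function names are hypothetical.

# Constructed sample: the broadcast probe is answered by both NICs of the
# SNAT box, later unicast probes by one. MACs are the eth0/eth1 HWaddr
# values quoted in the thread; the source address 198.31.174.10 is made up.
sample_arping() {
    cat <<'EOF'
ARPING 198.31.174.56 from 198.31.174.10 eth0
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.651ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.702ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.640ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.655ms
Sent 3 probes (1 broadcast(s))
Received 4 response(s)
EOF
}

# distinct_macs IP: read arping output on stdin and print each distinct
# MAC (upper-cased, one per line, first-seen order) that answered for IP.
distinct_macs() {
    awk -v ip="$1" '
        $2 == "reply" && $3 == "from" && $4 == ip {
            mac = toupper($5)
            gsub(/\[|\]/, "", mac)          # strip the [ ] around the MAC
            if (!(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# check_flux IP: return 0 (and list the MACs) when more than one MAC
# answered for IP, return 1 when zero or one MAC answered.
check_flux() {
    macs=$(distinct_macs "$1")
    n=$(printf '%s\n' "$macs" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$n" -gt 1 ]; then
        echo "ARP flux suspected: $n MACs answer for $1:"
        printf '  %s\n' $macs
        return 0
    fi
    echo "$n MAC(s) answer for $1; no flux seen"
    return 1
}

# Live use: arping -I eth0 -c 3 198.31.174.56 | check_flux 198.31.174.56
sample_arping | check_flux 198.31.174.56
```
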