[LARTC] Multiple network cards on same subnet problem (arp_filter=1)

From: "Bram Matthys (Syzop)" <syzop@vulnscan.org>
To: lartc@vger.kernel.org
Subject: [LARTC] Multiple network cards on same subnet problem (arp_filter=1)
Date: Mon, 02 May 2005 21:08:04 +0000	[thread overview]
Message-ID: <427696B4.6030201@vulnscan.org> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

this might seem like a classical problem but I've trouble getting this
working correctly:

# ifconfig  ### output stripped down:
eth0      Link encap:Ethernet  HWaddr 00:50:FC:2B:EB:1B
          inet addr:192.168.5.220  Bcast:192.168.5.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 00:02:44:60:EC:58
          inet addr:192.168.5.221  Bcast:192.168.5.255  Mask:255.255.255.0

eth2      Link encap:Ethernet  HWaddr 00:20:ED:33:2B:6B
          inet addr:192.168.5.222  Bcast:192.168.5.255  Mask:255.255.255.0

# ip route
192.168.5.0/24 dev eth0  proto kernel  scope link  src 192.168.5.220
192.168.5.0/24 dev eth1  proto kernel  scope link  src 192.168.5.221
192.168.5.0/24 dev eth2  proto kernel  scope link  src 192.168.5.222
default via 192.168.5.11 dev eth0

# cat /proc/sys/net/ipv4/conf/all/arp_filter
1
(and just to be sure I set /conf/<every interface>/arp_filter to 1 as well)

So basically what I want is just a box with 3 network cards with 3
different ips, no bonding/trunking, just simple.. :).

What I get is simply that eth0 is answering (with it's own HW addr) to
arp requests for all ips (so including .221 and .222). Also, the other
interfaces are not answering (so it's not like they all answer either,
only eth0 does). The interfaces do receive the request however (when I
look with tcpdump).
The effect is obvious, when I list the arp table on the client machine:
  192.168.5.220         00-50-fc-2b-eb-1b     dynamic
  192.168.5.221         00-50-fc-2b-eb-1b     dynamic
  192.168.5.222         00-50-fc-2b-eb-1b     dynamic
                            ^ that's all eth0's hw addr :|

I've also tried all /proc/sys/net/ipv4/conf/all/arp_ignore settings
(+flushing arp tables @ client of course), but none of them helped...
I'm not even sure if those options have anything to do with what I'm
trying to accomplish.

Actually, when adding the hw addr manually (arp -s 192.168.5.221
00-02-44-60-EC-58) pinging doesn't work either... while all interfaces
receive the request (because naturally the switch didn't see the arp
request/reply it gets broadcasted) none of them replies.

Some of these are irrelevant, but just to be sure:
- - no iptables rules are present
- - all default iptables actions are at ACCEPT
- - IP Forwarding is disabled
- - I've reset my switch
- - I've flushed all arp tables on both the server and test client machine

This is Linux 2.4.30 (w/grsecurity).

Fast switching is off btw, checked that as well.

Did I miss a setting? A kernel compile option? Or is there a problem
with arp_filter in 2.4.*? I hope I'm missing something obvious here ;).

Thanks,

	Bram.

- --
Bram Matthys
Software developer/IT consultant        syzop@vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFCdpa04cPWX+btKqIRArOUAJ4iLOSclzAsw7JbFeK6tGq/4jTwxwCfVMqA
VBYs/M0H0VVAQD9AutJ29mA=/L4a
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc