[ale] router stupids

Stephan Uphoff ups at tree.com
Thu Aug 26 12:31:37 EDT 2004


If I understand correctly your linux router has two NICs connected to
the same switch.

I have had problems with similar setups in the past due to bugs
in the ARP implementation. (Patched linux 2.2.16 kernel I believe)

Both NICs received an ARP request for the IP of the internal/external
network, and both NICs answered the same request, providing their own
Ethernet address.

Once IP packets get routed through the wrong interface your firewall
rules will probably just drop them.

	Stephan



On Thu, 2004-08-26 at 11:05, James P. Kinney III wrote:
> My brain has lost a neuron somewhere. I have a .248 network of public
> IPs. One of them is for the linux firewall/router. There is an internal
> LAN that is NAT'ed. The server has 2 NICs, iptables (and Bob Toxen's
> entire book, 2nd ed., in a 36,000 line shell script :).
> 
> By default the system sets up the outside NIC to see the public IPs and
> the inside to see the 192s. So I added a route for the publics to be on
> the internal NIC.
> 
> Currently, the external line from the ISP as well as the internal and
> external lines for the router machine are all plugged into a switch so
> my testing is a bit vague.
> 
> The ISP has a Cisco router between the T1 line and my outside net line.
> That box seems to be where I'm having trouble. From the outside, if I
> traceroute any machine but the gateway machine, the last address
> returning is the external address of the Cisco. This _looks_ like the
> Cisco router is doing NAT which the ISP swears it isn't. The gateway
> machine has an IP that has never been used by the network before.
> 
> Of course, I don't have the password for the router. Do I need to power
> cycle the router to get it to flush or do I need to get the ISP on the
> phone and get them to go in and do a flush?
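Stephan's explanation above (two NICs of one router on the same switch, both answering the same ARP request with their own hardware address) is a symptom that shows up plainly in a capture of ARP replies. The Python below is an added example and not code from this thread or from either poster: it parses a constructed, tcpdump-like list of ARP replies (the trailing "on <iface>" column is an assumption of the example, not tcpdump's real output format), reports every IP that was answered by more than one MAC, and then separates the case the thread describes (all answering MACs belong to the router's own interfaces) from the case where they do not, which a defender would treat as a possible address conflict or ARP spoofing. ROUTER_MACS, the IP addresses, MACs and interface names are all constructed sample values.

```python
"""Spot the ARP symptom from the thread: one IP answered by several MACs.

Added example, not code from the thread. Input is a constructed, tcpdump-like
capture of ARP traffic; the trailing "on <iface>" column is an assumption of
this example and not part of real tcpdump output.
"""
import re
from collections import defaultdict

# Constructed sample: the router's two NICs (eth0/eth1, MACs ending :00 and :01)
# both answer for the router's internal and external addresses; 192.168.1.50 is
# an ordinary host answered by a single MAC; 192.168.1.60 is answered by two
# MACs that are NOT the router's, standing in for a conflict that needs a look.
SAMPLE_CAPTURE = """\
ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28 on eth1
ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:00, length 28 on eth0
ARP, Reply 203.0.113.10 is-at 00:11:22:33:44:00, length 28 on eth0
ARP, Reply 192.168.1.50 is-at 00:aa:bb:cc:dd:ee, length 28 on eth1
ARP, Reply 203.0.113.10 is-at 00:11:22:33:44:01, length 28 on eth1
ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28 on eth1
ARP, Reply 192.168.1.60 is-at 00:de:ad:be:ef:01, length 28 on eth1
ARP, Reply 192.168.1.60 is-at 00:de:ad:be:ef:02, length 28 on eth1
"""

# Hardware addresses of the router's own interfaces (constructed, matching the sample).
ROUTER_MACS = {"00:11:22:33:44:00", "00:11:22:33:44:01"}

# Matches only ARP replies; "who-has" requests do not contain "Reply ... is-at".
REPLY_RE = re.compile(
    r"Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r".*?\bon (?P<iface>\S+)$"
)


def parse_arp_replies(text):
    """Return a list of (ip, mac, iface) for every ARP reply line; requests are skipped."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.search(line.strip())
        if m:
            replies.append((m["ip"], m["mac"].lower(), m["iface"]))
    return replies


def find_arp_flux(replies):
    """Map each IP answered by more than one distinct MAC to the sorted list of those MACs."""
    macs_by_ip = defaultdict(set)
    for ip, mac, _iface in replies:
        macs_by_ip[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


def classify_flux(flux, local_macs):
    """Split flux entries into (same_host, other).

    same_host: every answering MAC is one of local_macs, i.e. the thread's case of
               one router's NICs both answering on the same switch.
    other:     at least one answering MAC is foreign; a genuine duplicate address
               or ARP spoofing should be ruled out before anything else.
    """
    same_host, other = {}, {}
    for ip, macs in flux.items():
        target = same_host if set(macs) <= local_macs else other
        target[ip] = macs
    return same_host, other


if __name__ == "__main__":
    flux = find_arp_flux(parse_arp_replies(SAMPLE_CAPTURE))
    same_host, other = classify_flux(flux, ROUTER_MACS)
    for ip, macs in same_host.items():
        print(f"{ip}: answered by two interfaces of the same router {macs}")
    for ip, macs in other.items():
        print(f"{ip}: answered by unrelated MACs {macs} - investigate")
```

Run against a real capture by feeding it tcpdump's ARP output with whatever interface column you add yourself; the regex only relies on the "Reply <ip> is-at <mac>" part that tcpdump does print. On Linux kernels later than the 2.2 series the thread mentions, the per-interface sysctls arp_filter and arp_ignore exist to restrict which interface answers an ARP request for a given address; that is general kernel knowledge and not something either poster states.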


