arp problem? Howto fix
steve at stevecowles.com
Fri Jul 23 04:02:19 UTC 2004
Gene Heskett wrote:
> What can I check next please?
Based on my understanding of your post (it's kinda confusing), it sounds
like you might have a stale arp entry somewhere. You should be able to
confirm this by:
1) Running "arp -a" to verify that the new MAC address has been updated by
the systems on the same LAN segment.
2) Running tcpdump on your firewall and taking note of the layer 2 src/dst MAC
addresses. Especially the return packet from your ISP's router.
3) Clearing your iptables rules, then re-enabling them.
FWIW: A lot of ISPs configure their routers with long arp cache timeouts.
So if you changed the NIC card that connects (talks) directly to your ISP's
router, then it could be replying to your other NIC's MAC address. This
stale arp condition could last for hours depending on how long your ISP has
their router's arp cache configured. If this is the case (tcpdump should
point this out), then you can either phone your ISP and request that they
purge the old MAC address at their end (good luck) -or- try the brute force
method by issuing an arping -U (AKA: gratuitous arp). See: man arping
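
The check from step 2 above, as an added example that is not part of the original post: a shell function that reads `tcpdump -e -n` text and reports frames the router sent to a MAC other than the firewall's current NIC. The function names, the MAC/IP addresses and the sample capture are constructed for illustration, and the line layout assumed is the one current tcpdump prints with -e.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -e -n` text on stdin and reports frames sent
# by the upstream router to a unicast MAC other than the firewall's current
# NIC, which is what a stale ARP entry on the router looks like on the wire.
# All MAC/IP addresses are constructed (documentation ranges).

# find_stale_dst ROUTER_MAC CURRENT_NIC_MAC
# Prints one "<unexpected-dst-mac> <frame-count>" line per destination.
find_stale_dst() {
    awk -v router="$1" -v mine="$2" '
    BEGIN { router = tolower(router); mine = tolower(mine) }
    # With -e each line starts: <time> <src-mac> > <dst-mac>, ethertype ...
    $3 == ">" {
        src = tolower($2)
        dst = tolower($4); sub(/,$/, "", dst)
        if (src != router) next                 # only frames from the router
        if (dst == mine) next                   # addressed to the current NIC
        if (dst == "ff:ff:ff:ff:ff:ff" || dst == "broadcast") next
        seen[dst]++
    }
    END { for (m in seen) print m, seen[m] }
    ' | sort
}

# Constructed capture: router ...:01, new NIC ...:0a, replaced NIC ...:0b.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 00:00:5e:00:53:0a > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.000400 00:00:5e:00:53:01 > 00:00:5e:00:53:0b, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000400 00:00:5e:00:53:01 > 00:00:5e:00:53:0b, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 2, length 64
12:00:03.000000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.10 tell 192.0.2.1, length 46
12:00:04.000400 00:00:5e:00:53:01 > 00:00:5e:00:53:0a, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 3, length 64
EOF
}

# Router is ...:01, the NIC now installed is ...:0a.
sample_capture | find_stale_dst 00:00:5e:00:53:01 00:00:5e:00:53:0a
# prints: 00:00:5e:00:53:0b 2
```

Any MAC it prints is one the router still has cached for your address; empty output means every unicast frame from the router went to the current NIC.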