<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2919.6307" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#c0c0c0>
<DIV><FONT face=Arial size=2>There was an issue recently reported by (I believe)
Gary to the BLUG regarding Linux boxes not responding on the
network.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I now have something similar happening with my
Linux firewall, although through some packet sniffing I know what's happening on
the network, just not what is happening inside Linux.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I have a firewall that has both interfaces on the
same physical network.  When a Windows machine sends an ARP request for the
internal interface, the Linux machine responds with ARP replies from BOTH
interfaces. The reply from the external interface comes second, which is
the last update to the workstation's ARP and happens to be incorrect. The
workstation uses this information to try and hit the internal interface but the
packets go to the wrong NIC and get dropped.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Now I know that my problem would be solved if I
didn't have both of my interfaces on the same physical network, but the question
remains: "Why is my Linux box sending ARP replies from both
interfaces?"</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>One other note: This didn't seem to start
happening until I loaded SSH 2 on the Linux firewall. Was some code added
during that install that has an ARP bug in it?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Any ideas?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Maybe this is what Gary is getting
also.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Brian</FONT></DIV></BODY></HTML>