Re: [gentoo-user] arp question

2015-12-27 Thread lee
Adam Carter writes: >> Yes, I already tried that and didn't get any traffic listed. >> > > In that case it sounds like linux has bridged them across from the other > interface. Does this find anything? > tcpdump -i enp2s0 net 192.168.1.0/24 > > If it doesn't maybe generate

Re: [gentoo-user] arp question

2015-12-27 Thread lee
Rich Freeman writes: > On Sat, Dec 26, 2015 at 9:14 AM, lee wrote: >> >> They are connected to different vlans on the same switch, so they don't >> share the same broadcast domain. The switch shows the mac addresses of >> the phones only in the expected

Re: [gentoo-user] arp question

2015-12-26 Thread Rich Freeman
On Sat, Dec 26, 2015 at 9:14 AM, lee wrote: > > They are connected to different vlans on the same switch, so they don't > share the same broadcast domain. The switch shows the mac addresses of > the phones only in the expected vlan. > Out of curiosity, have you tried actually

Re: [gentoo-user] arp question

2015-12-26 Thread lee
Adam Carter writes: >> They are wrong because there is no way for network traffic from the >> devices on the LAN to make it to the interface enp2s0. Or, if they do >> make it there, then there is something else seriously wrong. >> > > tcpdump -i enp2s0 arp > > will tell

Re: [gentoo-user] arp question

2015-12-26 Thread Adam Carter
> Yes, I already tried that and didn't get any traffic listed. > In that case it sounds like linux has bridged them across from the other interface. Does this find anything? tcpdump -i enp2s0 net 192.168.1.0/24 If it doesn't maybe generate some layer2 broadcast traffic on enp1s0 to see if you

Re: [gentoo-user] arp question

2015-12-25 Thread lee
Rich Freeman writes: > On Fri, Dec 25, 2015 at 9:00 PM, Adam Carter wrote: >>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >>> enp2s0 >>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >>> enp1s0 >>>

Re: [gentoo-user] arp question

2015-12-25 Thread lee
Adam Carter writes: >> >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp2s0 >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp1s0 >> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp2s0 >>

Re: [gentoo-user] arp question

2015-12-25 Thread Adam Carter
> > grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf > enp2s0 > grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf > enp1s0 > spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp2s0 > spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8

Re: [gentoo-user] arp question

2015-12-25 Thread Adam Carter
> Even after adding the static routes and creating firewall rules to drop > all traffic from the devices to the internet, their arp entries continue > to be renewed. How is that possible? > > Your iptables rules are IP based (layer 3), so will not match arp traffic (layer 2)

Re: [gentoo-user] arp question

2015-12-25 Thread Adam Carter
> They are wrong because there is no way for network traffic from the > devices on the LAN to make it to the interface enp2s0. Or, if they do > make it there, then there is something else seriously wrong. > tcpdump -i enp2s0 arp will tell you if the arps are being generated from something on

Re: [gentoo-user] arp question

2015-12-25 Thread Rich Freeman
On Fri, Dec 25, 2015 at 9:00 PM, Adam Carter wrote: >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp2s0 >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp1s0 >> spa.yagibdah.de (192.168.3.81) auf