Chris,

  What does the physical interconnection of cables look like?
  Where is the arpwatch daemon?
  Do you have your public network and private network connected to
    the same hub/switch?

Could you give us a bit of ASCII art to show the configuration?

Judging from the symptoms, the only logical explanation I can imagine is
as follows.  You have your public and private networks connected to the
same medium (hub/switch).  Now, when a host on this network makes an ARP
request for 198.31.174.56, it might get two answers.

From any other box on the network try the following command:

# arping -I eth0 -c 3 198.31.174.56

See here for an explanation of ARP flux, if this is your problem:

  http://linux-ip.net/html/ether-arp.html#ether-arp-flux

Good luck,

-Martin

 : OK, I have a program called arpwatch on the network; it monitors ARP/IP matching.
 : It sees that the public side of the SNAT box has its MAC address switch
 : between the public and private interfaces.
 : Here I have tried to provide most of the information that I can think of.
 :
 : iptables v1.2.7a:
 : ____________________
 : Linux ns.highlandshighspeed.net 2.4.19-gentoo-r10 #5 Sun Mar 9 16:53:57 PST
 : 2003
 :  i686 Intel(R) Pentium(R) 4 CPU 1.60GHz GenuineIntel GNU/Linux
 : _____________________________
 : /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
 : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 198.31.174.56
 : __________________________
 : Chain PREROUTING (policy ACCEPT)
 : target     prot opt source               destination
 :
 : Chain POSTROUTING (policy ACCEPT)
 : target     prot opt source               destination
 : SNAT       all  --  anywhere             anywhere           to:198.31.174.56
 :
 : Chain OUTPUT (policy ACCEPT)
 : target     prot opt source               destination
 : __________________________
 : eth0      Link encap:Ethernet  HWaddr 00:04:75:A0:DE:59
 :           inet addr:a.b.c.d  Bcast:198.31.174.255  Mask:255.255.255.0
 :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 :           RX packets:18320637 errors:0 dropped:0 overruns:1 frame:0
 :           TX packets:18395481 errors:0 dropped:0 overruns:0 carrier:0
 :           collisions:0 txqueuelen:100
 :           RX bytes:3151929956 (3005.9 Mb)  TX bytes:4285940372 (4087.3 Mb)
 :           Interrupt:11 Base address:0xe400
 :
 : eth1      Link encap:Ethernet  HWaddr 00:04:75:A0:DD:F9
 :           inet addr:A.B.C.D  Bcast:192.168.33.255  Mask:255.255.255.0
 :           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 :           RX packets:20321245 errors:0 dropped:0 overruns:5 frame:0
 :           TX packets:18611116 errors:0 dropped:0 overruns:0 carrier:0
 :           collisions:0 txqueuelen:100
 :           RX bytes:768762048 (733.1 Mb)  TX bytes:3808977459 (3632.5 Mb)
 :           Interrupt:10 Base address:0xe800

-- 
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
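
One way to check the "two answers" hypothesis from the arping output, as an added example that is not part of the original message. It assumes the iputils arping reply format (`Unicast reply from IP [MAC]  time`); the function names are hypothetical and the sample output is constructed, using the two HWaddr values from the quoted ifconfig output and a made-up probing host address.

```shell
#!/bin/sh
# Usage on a live network (assumes iputils arping):
#   arping -I eth0 -c 3 198.31.174.56 | check_arp_flux 198.31.174.56

# Read arping output on stdin, print each distinct replying MAC once.
distinct_macs() {
    sed -n 's/.*reply from [^ ]* \[\([0-9A-Fa-f:]*\)\].*/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Read arping output on stdin and report on the given IP.
# Returns 0 for one MAC, 1 for several (possible ARP flux), 2 for no reply.
check_arp_flux() {
    ip=$1
    macs=$(distinct_macs)
    count=$(printf '%s' "$macs" | grep -c . || true)
    case $count in
        0) echo "$ip: no ARP replies seen"
           return 2 ;;
        1) echo "$ip: one MAC answered ($macs)"
           return 0 ;;
        *) echo "$ip: $count MACs answered, possible ARP flux:"
           printf '  %s\n' $macs
           return 1 ;;
    esac
}

# Constructed sample: both interfaces of the SNAT box answer for the public IP.
SAMPLE_FLUX='ARPING 198.31.174.56 from 198.31.174.10 eth0
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.712ms
Unicast reply from 198.31.174.56 [00:04:75:A0:DD:F9]  0.745ms
Unicast reply from 198.31.174.56 [00:04:75:a0:de:59]  0.698ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)'

# Constructed sample: only the public interface answers.
SAMPLE_OK='ARPING 198.31.174.56 from 198.31.174.10 eth0
Unicast reply from 198.31.174.56 [00:04:75:A0:DE:59]  0.701ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)'

printf '%s\n' "$SAMPLE_FLUX" | check_arp_flux 198.31.174.56 || true
printf '%s\n' "$SAMPLE_OK" | check_arp_flux 198.31.174.56 || true
```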
