Surge wrote: > I checked as mentioned it's not on the same hub/switch. Any other ideas > or suggestions ?
Then you had better check that the hubs/switches that they are connected
to are not themselves connected.
The only possible explanation for packets from 10.1.50.0/24 arriving on
eth5 is that the subnet is connected to eth5 either directly or indirectly.
I suggest that you:
tcpdump -nei eth5 net 10.1.50.0/24
Look at the packets and check the source MAC address. If different hosts
are sending packets with the same MAC source then the host with the
sending MAC is routing the packets to you. If the MAC addresses match
the sending hosts' real MACs, then 10.1.50.0/24 is bridged to eth5 in
some way.
Note that the traffic from 10.1.50.0/24 may be intermittent through
eth5; that is because of what I call 'ARP Roulette' (see
http://www.shorewall.net/FoolsFirewall.html for additional information).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
