> Seem to go out right interface but arp trouble > > Gate:~ # tcpdump -nvi eth0 host 4.2.2.2 > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96
> bytes > 11:54:48.908020 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:49.944019 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:50.944019 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:51.944018 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:52.968019 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:53.968037 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > 11:54:54.968019 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has > 4.2.2.2 tell 205.134.193.138, length 28 > ^C > 7 packets captured > 7 packets received by filter > 0 packets dropped by kernel > Gate:~ # tcpdump -nvi eth1 4.2.2.2 > tcpdump: syntax error > > Gate:~ # tcpdump -nvi eth1 host 4.2.2.2 > tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 > bytes > ^C > 0 packets captured > 13 packets received by filter > 0 packets dropped by kernel > Gate:~ # > > > > -------- Original Message -------- > > From: "Tom Eastep" <[email protected]> > > Sent: Friday, May 18, 2012 11:32 AM > > To: [email protected] > > Subject: Re: [Shorewall-users] Lsm Failover > > > > On 5/18/12 10:53 AM, Mike Lander wrote: > > > Hi Tom, > > > > > > Seem to have an issue with my config. > > > If a failover occurs, the firewall detects it and does its job to > 'disable' > > > device. > > > Lsm cannot succesfully ping a outside Ip on failover on the device that > > > > comes back up. > > > Here eth0 is up. Yet shorewall eth0 status = 1 > > > > > > eth0 Link encap:Ethernet HWaddr 00:02:B3:D7:B3:C7 > > > inet addr:205.134.193.138 Bcast:205.134.193.143 > > > Mask:255.255.255.248 > > > inet6 addr: fe80::202:b3ff:fed7:b3c7/64 Scope:Link > > > > > > > > > Gate:~ # ping -I 205.134.193.138 4.2.2.2 > > > PING 4.2.2.2 (4.2.2.2) from 205.134.193.138 : 56(84) bytes of data. > > > 64 bytes from 4.2.2.2: icmp_seq=1 ttl=56 time=32.6 ms > > > 64 bytes from 4.2.2.2: icmp_seq=2 ttl=56 time=29.3 ms > > > > Mike: Use tcpdump to be sure that those pings are actually going out of > > eth0 and not out of eth1. > > > > -Tom But my test is going out eth1 rtt min/avg/max/mdev = 29.114/30.694/32.356/1.172 ms Gate:~ # ping -I 205.134.193.138 4.2.2.2 PING 4.2.2.2 (4.2.2.2) from 205.134.193.138 : 56(84) bytes of data. 64 bytes from 4.2.2.2: icmp_seq=1 ttl=56 time=32.5 ms 64 bytes from 4.2.2.2: icmp_seq=2 ttl=56 time=39.2 ms 64 bytes from 4.2.2.2: icmp_seq=3 ttl=56 time=30.0 ms ^C --- 4.2.2.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 30.084/33.970/39.253/3.876 ms You have new mail in /var/mail/root Gate:~ # -------------------------------------------dump 0 packets dropped by kernel Gate:~ # tcpdump -nvi eth1 host 4.2.2.2 tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 12:05:14.706204 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 50.78.47.90 > 4.2.2.2: ICMP echo request, id 46684, seq 1, length 64 12:05:14.738693 IP (tos 0x20, ttl 56, id 13142, offset 0, flags [none], proto ICMP (1), length 84) 4.2.2.2 > 50.78.47.90: ICMP echo reply, id 46684, seq 1, length 64 12:05:15.705699 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 50.78.47.90 > 4.2.2.2: ICMP echo request, id 46684, seq 2, length 64 Sorry I think I did a top post....Mike ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
