On Wed, Oct 21, 2015 at 06:13:03PM +1000, Brian Burch wrote:
> I won't confuse anyone with details (in case they are off-topic), but I 
> thought it would be helpful to let you know I've been doing problem 
> determination on what appears to be a similar issue, but with a 
> different configuration.
> 
> Naturally, I get shorewall log events for traffic between subnets that 
> should NOT be allowed, but nothing is logged for those connections that 
> are allowed. I believe it is not a shorewall problem, but something is 
> going wrong quite low in the stack.
> 
> The details seem to be frustratingly variable, but I often see redirect 
> log messages to/from the host sending pings. I have many wireshark 
> traces from a mirror port on my switch, but haven't yet spotted the root 
> cause.
> 
> In my research I found a reference to Linux being built on a "weak end 
> system model" as defined in RFC1122, which apparently "leads to arp 
> problems with multi-homed hosts". I haven't fully understood the 
> theoretical issues yet, so I apologise if my comments are not relevant 
> to your situation. However, in case it is relevant I thought it best to 
> mention quickly.

Do you mean the arp behaviour where it will answer an arp request for
an address it owns on another interface?  For that we use these settings
to get sane behaviour on a router:

# Do not answer ARP requests from other interfaces
net.ipv4.conf.all.arp_ignore=1
# Use the best local address for the target subnet as the ARP source address
net.ipv4.conf.all.arp_announce=2

-- 
Len Sorensen
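Added example, not code from the thread: a POSIX shell audit of the two sysctls Len mentions. It assumes the kernel's documented rule that the effective value on an interface is the maximum of conf/all and conf/&lt;iface&gt;, and the sample sysctl output it checks is constructed.

```shell
#!/bin/sh
# Audit helper for the multi-homed ARP behaviour discussed above. The kernel
# uses max(conf/all/<key>, conf/<iface>/<key>) for arp_ignore and arp_announce,
# so each interface is judged on that effective value, not on a single line.

WANT_IGNORE=1     # reply only if the target address is on the receiving interface
WANT_ANNOUNCE=2   # always use the best local address as the ARP sender address

# check_arp_settings: read "key = value" lines (the format `sysctl net.ipv4.conf`
# prints) from stdin, print one line per interface whose effective values fall
# below the recommended ones, and exit 1 if any did (0 otherwise).
check_arp_settings() {
    awk -v want_ig="$WANT_IGNORE" -v want_an="$WANT_ANNOUNCE" '
    /^net\.ipv4\.conf\.[^.]+\.arp_(ignore|announce) *= */ {
        split($1, p, ".")                # p[4] = interface, p[5] = key
        v[p[4], p[5]] = $NF + 0
        if (p[4] != "all" && p[4] != "default" && p[4] != "lo") ifaces[p[4]] = 1
    }
    END {
        bad = 0
        for (i in ifaces) {
            ig = v[i, "arp_ignore"];   if (v["all", "arp_ignore"] > ig)   ig = v["all", "arp_ignore"]
            an = v[i, "arp_announce"]; if (v["all", "arp_announce"] > an) an = v["all", "arp_announce"]
            if (ig < want_ig || an < want_an) {
                printf "%s: effective arp_ignore=%d arp_announce=%d (want %d/%d)\n", i, ig, an, want_ig, want_an
                bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample of `sysctl net.ipv4.conf` output (not from a real host):
# eth0 was fixed per interface, eth1 was left at the defaults.
SAMPLE='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_announce = 0'

# Same host after applying the two conf.all settings from the reply: eth1 is
# now covered because the effective value is max(all, interface).
FIXED=$(printf '%s\n' "$SAMPLE" | sed -e 's/all\.arp_ignore = 0/all.arp_ignore = 1/' \
                                      -e 's/all\.arp_announce = 0/all.arp_announce = 2/')

printf '%s\n' "$SAMPLE" | check_arp_settings || echo "weak ARP settings found"
# On a real router: sysctl net.ipv4.conf | check_arp_settings
```

Settings applied with sysctl -w do not survive a reboot; put the two lines in a file under /etc/sysctl.d/ to make them persistent.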

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users