Hello,

I have serious problems with ARP packets in my networks. Not one network, not from today, but this is important for me - now.

I am receiving flip-flops from (?) each machine in my LAN (SNATed). I have turned on proxy_arp (public IPs in LAN also present). The situation is like this: each computer sends me an ARP packet one time with the correct MAC and a second time with ... the MAC of the server interface :(

# tcpdump -ntvi eth0 arp
arp who-has 192.168.1.1 tell 192.168.1.64
arp reply 192.168.1.1 is-at 0:a:5e:4:f4:15
arp who-has 192.168.1.6 tell 192.168.1.210
arp who-has 192.168.0.43 tell 192.168.1.144
arp who-has 192.168.0.20 tell 192.168.1.144
arp reply 192.168.0.20 is-at 0:a:5e:4:f4:15
arp reply 192.168.0.43 is-at 0:a:5e:4:f4:15
arp who-has 192.168.1.1 tell 192.168.1.64
arp reply 192.168.1.1 is-at 0:a:5e:4:f4:15
arp who-has 192.168.0.43 tell 192.168.1.144
arp reply 192.168.1.144 is-at 0:c:6e:4:f4:33

/etc/arpwatch.conf contains:

eth0 -a -p -m [EMAIL PROTECTED]

I have got hundreds of mails from arpwatch with changed_ethernet_address and flip_flop reports ....

Please help me. I am working with grsecurity; normally LAN machines have a 192.168.... address, and some machines (by proxy_arp) have normal public addresses. There is no one spoofing these addresses, because this is happening on each server, even without LAN users.

--
Regards, Marcin.

PS. I am reading group mails regularly, so you can send mail to the group debian-security@lists.debian.org

I was talking on another group, googled, read the man pages.. no results. I am not a beginner in Linux but I can't solve this :(

kernel 2.4.24, grsecurity patched, rpfilter=on, proxyarp=on, I think - strange firewalling.
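
Added example, not part of the original post: a short Python script that triages a capture like the one above by listing MACs that answer for several IPs and IPs seen at more than one MAC. The lines in CAPTURE are copied from the post; the single line in CONSTRUCTED is made up to show a conflicting binding, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the tcpdump capture in the post above.
CAPTURE = """\
arp who-has 192.168.1.1 tell 192.168.1.64
arp reply 192.168.1.1 is-at 0:a:5e:4:f4:15
arp who-has 192.168.0.43 tell 192.168.1.144
arp reply 192.168.0.20 is-at 0:a:5e:4:f4:15
arp reply 192.168.0.43 is-at 0:a:5e:4:f4:15
arp reply 192.168.1.144 is-at 0:c:6e:4:f4:33
"""
# Constructed line (not in the post): the same host answered for by a second MAC.
CONSTRUCTED = "arp reply 192.168.1.144 is-at 0:a:5e:4:f4:15\n"

REPLY = re.compile(r"arp reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]+)")

def norm_mac(mac):
    """Zero-pad each octet so 0:a:5e:4:f4:15 and 00:0a:5e:04:f4:15 compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def analyse(text):
    """Return (ip -> MACs seen, mac -> IPs answered for) from tcpdump ARP replies."""
    ip_macs, mac_ips = defaultdict(set), defaultdict(set)
    for m in REPLY.finditer(text):
        ip, mac = m.group(1), norm_mac(m.group(2))
        ip_macs[ip].add(mac)
        mac_ips[mac].add(ip)
    return ip_macs, mac_ips

def flip_flops(ip_macs):
    """IPs bound to more than one MAC, the condition behind arpwatch's
    changed-ethernet-address and flip-flop reports."""
    return {ip: sorted(macs) for ip, macs in ip_macs.items() if len(macs) > 1}

def multi_ip_macs(mac_ips):
    """MACs answering for several IPs, which a proxy-ARP interface does by design."""
    return {mac: sorted(ips) for mac, ips in mac_ips.items() if len(ips) > 1}

if __name__ == "__main__":
    ip_macs, mac_ips = analyse(CAPTURE + CONSTRUCTED)
    for mac, ips in multi_ip_macs(mac_ips).items():
        print(f"{mac} answers for {len(ips)} IPs: {', '.join(ips)}")
    for ip, macs in flip_flops(ip_macs).items():
        print(f"{ip} seen at {' and '.join(macs)}")
```

Run against a longer capture, the MAC that answers for many addresses identifies the interface doing proxy ARP, and the flip-flop list shows which hosts it is also answering for.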