Hello all,

The weirdest thing's been going on lately with the two NICs in my machine. One has started to respond on behalf of the other (almost like a proxy ARP), and AFAIK, I never set it up to do that. The problem now is getting them both to respond normally, as they did when I first set them up.

The first one is set up to receive requests from outside the local network, and serve the local network internally. The second one is just for internal stuff. Initially, I set it up so the second one (internal only) used the first one as a gateway. On a reboot, since I hadn't set up the first one to come up automatically, the second one couldn't do much of anything, as expected, and as soon as the first one was brought up, both functioned normally.

Recently I noticed that sometimes the connection would hang when I ssh'ed in remotely, so I set up arpwatch to see if there was anything interesting going on that it could tell me---and apparently, the two cards "flip-flop" at seemingly random times and stay swapped for random intervals. So I used the arp program to permanently set the MACs for the appropriate IPs/interfaces. The flip-flops didn't stop, but the hang times were cut down to just a few seconds---and this was tolerable.

Last week lots of changes happened to the network, mostly with stuff that I'm not responsible for. A second T1 and its corresponding router were added, maintenance stuff was done on who-knows-what equipment, etc. The only change I made was that I added a third NIC to the machine to access a different part of the network. It, along with the other two NICs, seemed to work fine internally. The only problem was, external requests coming in weren't going anywhere. There's some kind of switch at the "main office" that forwards requests from the "external IP" to the "internal" one, which is what my first NIC was set up for.

When we used arping and other monitoring tools, it showed the second NIC responding---when a request was made for the MAC of the first NIC, the second card would respond with its MAC. I think this had been happening all along, according to arpwatch's flip-flop reports, but maybe this is different. The first NIC works fine, AFAIK, since you can use arping to ping it via its MAC. However, when you ping it via its IP, the other card responds. Again, I've manually set the ARP table on the server machine and on the client I used to ping it, but it didn't help.

I tried disabling the second NIC to see if the first one would then correctly reply to ARP requests again, and it did---only problem was, external requests still weren't coming in. I also changed the gateway of the second NIC to be the same as the first NIC, to avoid the second one going through it. Didn't help. Then I disabled the first NIC, and all of a sudden, everything was working again---external requests were coming in, internal things were working correctly---but this was all happening through the second NIC, which never should have been receiving these external requests.

What is going on here? What do I need to do to fix it so that the second one stops responding to ARP requests for the first one with the second one's MAC? How come external requests weren't working with the first one enabled on its own, even though it would respond with the correct MAC---and yet they work fine with the second NIC, which never was set up to occupy that IP address? There's no load balancing here, no iptables or anything else configured on the machine that I know of that would cause such an issue, and I don't know how this can be fixed. If the interface was *taken down*, why is the second one STILL responding on the first one's behalf?

I checked with the people at the main office who say all the equipment in charge of forwarding requests to me from outside is configured correctly, and they say the router this thing is connected to is not using permanent ARP tables or proxy ARP. And in the middle of all this, the third NIC, working for the other part of the network, is working just fine.

I don't think the first NIC is dead---it DID respond to arping, so I don't think the second one is taking over for that reason---besides, it shouldn't do it anyway if the interface is brought down, right?

What could possibly be causing the second one to respond for the first one? How do I stop it?

Thanks in advance

--
Ian Melnick
VSMSC JN/WS Admin
[EMAIL PROTECTED] (at school)
[EMAIL PROTECTED] (at home)
AIM: dazedyugo