LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-30-2003, 10:57 AM   #1
Hdvd21
LQ Newbie
 
Registered: Oct 2003
Posts: 1

Rep: Reputation: 0
Strange ARP behavior : A linux server responds to all ARP requests


Hi,

I'm in front of a strange thing. I have a small DMZ with 3 servers in it: one W2K, one Suse Linux server and a Redhat 9 server. They are all connected on a simple hub. They all have only one ethernet card installed.

When I try to setup networking on my redhat 9 machine, using 'ifup eth0', I get an error message 'some other host already have this IP address: 192.168.0.X'. I also tried using 3 other IP address, with no luck. I have confirmed that all IP address I tried are available.

if I do a arping, on my redhat machine, it returns a reply from 0.0.0.0 from the same MAC address(always), even if I try other IP address !

I searched for the MAC address replying to my ARP request, and it appears to be the Suse machine. I don't have access to this machine though.. I would like to know how to fix this behavior, so I'll contact the owner of that box ASAP.

Note that the Win2k server can ping the Suse machine successfully, but it always return a 'timeout. on the FIRST ICMP packet sent...

What can cause a server to reply to ALL ARP requests, when it should only reply to ARP containing it's own ip address?

Any ideas?
 
Old 05-06-2009, 07:08 AM   #2
alex_vigo
LQ Newbie
 
Registered: May 2009
Posts: 3

Rep: Reputation: 0
Finally a solution to this

Hi,
almost 6 years later I faced the same problem in my network. A linux server machine responding to all ARP requests (and all Arping for all IP's) in the net. This may cause ALL Windows Vista (and a CentOs Linux) to be unable to get an IP (even static IP's). At least, Windows XP's machine ignore this problem.
The solution is to change a single archive that specifies how the machine will respond to ARP requests:
sysctl net.ipv4.conf.all.arp_ignore=1
or
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

The default (and problematic) is 0 for that parameter.

arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses

The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}

Similar problem here:
http://alt.awesometrousers.net/artic...rp_ignore.html

Hope this help a future similar problem

Cheers
 
Old 05-06-2009, 10:40 AM   #3
*******
Member
 
Registered: Feb 2009
Posts: 63

Rep: Reputation: 16
Responding to all ARP requests is not default behaviour. So in my humble opinion the solution is not to arp_ignore on others but to correct behaviour on the offending machine.
 
Old 05-07-2009, 02:03 AM   #4
alex_vigo
LQ Newbie
 
Registered: May 2009
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by ******* View Post
Responding to all ARP requests is not default behaviour. So in my humble opinion the solution is not to arp_ignore on others but to correct behaviour on the offending machine.
I agree. Maybe I didn't make myself clear enough. The default value for arp_ignore is 0 and shouldn't be a problem in 99% of the cases. This case is an strange one, which is probably related to some bug or outdated kernel of the offending machine (a Suse Linux Enterprise Server 10). But I have seen other cases, while researching, where arp_ignore=0 can cause problems when the server is running in several different networks. Some people has reported it as a bug or has suggested that it should default to 1 instead of 0, which I think is more correct (Respond to the ARP requests of the incoming interface, not to check in all the interfaces for an ARP that came of only one of them).
I think this solution is harmless and is the only one that worked for this specific and strange behaviour. (And the change has to be made only in the offending machine, not in the others...)


PS: And shows another new "feature" of Vista...

Regards,
Alex

Last edited by alex_vigo; 05-07-2009 at 02:05 AM.
 
Old 10-24-2013, 05:02 AM   #5
jonatan
LQ Newbie
 
Registered: Sep 2012
Distribution: CentOS 5
Posts: 8

Rep: Reputation: Disabled
I encountered this problem when configuring two interfaces on one machine to use the same network:
eth0 192.168.1.10
eth1 192.168.1.11

When any other machine on the same network would try to connect to either of the addresses, both interfaces replied saying "this is my address!". Subsequently, the first message to get across would convince the inquiring machine and be saved in the ARP cache there, resulting in unpredictable traffic.

By setting net.ipv4.conf.all.arp_ignore=1 only the interface configured with the requested IP will send an ARP reply, which is what one would expect from a network interface.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
a lot of ARP requests- why? zivota Linux - Networking 5 09-26-2005 08:06 AM
Network Flooded With ARP requests aronnok Linux - Security 3 12-25-2004 04:54 PM
Cutting arp requests to my box ivanatora Linux - Security 5 08-30-2004 02:46 PM
Why am I flooding my network with ARP requests? DocKarl Linux - Networking 3 05-07-2004 11:50 AM
How to monitor the ARP requests from other than eth1 Bassam Linux - Networking 4 02-10-2004 03:25 AM


All times are GMT -5. The time now is 05:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration