Switching NIC's that are directly connected to your ISP can cause problems related to the MAC address that your ISP expects you to use to access their network (this is a unique address hardwired into each NIC). Your ISP may be caching the old address.
You can try using the linux utility "arping" to trick the ISP into updating its ARP cache by making your NIC send out a request for the MAC address for its own IP address. This is referred to as a "gratuitous" ARP request.
arping -U -I eth0 192.0.2.1 (substitute your IP address here)
For a good explanation, see:
http://www.shorewall.net/ProxyARP.htm (this site will be going off line soon so I have quoted extensively below)
Quote:
A reading of Stevens' _TCP/IP Illustrated, Vol 1_ reveals that a
"gratuitous" ARP packet should cause the ISP's router to refresh their
ARP cache (section 4.7). A gratuitous ARP is simply a host
requesting the MAC address for its own IP; in addition to ensuring
that the IP address isn't a duplicate,
"if the host sending the gratuitous ARP has just changed its
hardware address..., this packet causes any other host...that has
an entry in its cache for the old hardware address to update its
ARP cache entry accordingly."
Which is, of course, exactly what you want to do when you switch a
host from being exposed to the Internet to behind Shorewall using
proxy ARP. Happily enough, recent versions of Redhat's iputils package
include "arping", whose "-U" flag does just that:
arping -U -I <net if> <newly proxied IP>
arping -U -I eth0 66.58.99.83 # for example
Stevens goes on to mention that not all systems respond correctly to
gratuitous ARPs, but googling for "arping -U" seems to support the
idea that it works most of the time.
|
