The arp cache doesn't stay very long. Maybe a minute at most. IIRC DNS cache maybe, that lasts longer. Is your router doing DNS as well as DHCP? I ask because this is not default. You have to set both up separately or create a hosts file on each box.
-----Original Message-----
From: kclug-bounces@kclug.org [mailto:kclug-bounces@kclug.org] On Behalf Of hanasaki
Sent: Wednesday, August 31, 2005 1:16 PM
To: jason@stdbev.com
Cc: Jeremy Fowler; kclug@kclug.org
Subject: Re: routing problem
working like a champ now!
Is it possible that there was something in the IP stack that had to time out? I did manually arp -d the host3 entries, and after a "ping", arp -a showed them with a MAC of "<incomplete>", whatever that means.
Jason Munro wrote:
On 11:34:52 am 08/31/05 "Jeremy Fowler" JFowler@westrope.com wrote:
Default gateway for host1 is set to 10.1.1.2, change to 10.1.1.1
Umm.. no. The default gateway is for any request outside the local subnet and if 10.1.1.2 is the router out then this is correct. The routing table for host1 shows that no gateway is required for 10.1.1.0/24 and that all else (0.0.0.0) should be shoved out 10.1.1.2.
host3 = 101.1.1.10 / mask 255.255.255.0
If this is correct then this is the problem since 101.1.1.10 is not on the same subnet as host1 and therefore requests are being sent out the router.
I wonder if host3 is actually online? If the above is a typo and host3 is actually 10.1.1.10 then maybe you should try resetting the switch because your routing tables look ok AFAIKT.
__ Jason Munro __ jason@stdbev.com __ http://hastymail.sourceforge.net/
Kelsay, Brian - Kansas City, MO wrote:
| The arp cache doesn't stay very long. Maybe a minute at most. IIRC
| DNS cache maybe, that lasts longer. Is your router doing DNS as well as
| DHCP? I ask because this is not default. You have to set both up
| separately or create a hosts file on each box.
You've not messed much with proxy-arp, then, which has the effect of swapping the MAC address that's attached to a particular IP address.
It can take *HOURS* to get arp caches updated (speaking as one who has had to wait those frustrating hours after swapping out transparent proxy-arp based firewall boxes).
Fortunately, most IP stacks are dumb enough (or smart enough, depending on your perspective) to recognize unsolicited arp packets, and will then happily update their arp-cache. I now use the send_arp 'utility' (found at: http://www.insecure.org/sploits/arp.games.html ) to inform my upstream provider whenever I swap firewalls or NICs, as it's much faster than calling their tech support and requesting they flush the arp-cache on their router (in fact, it's even a lot faster than getting someone on the phone who even understands what an arp-cache *IS* :).
If you really want to have fun, compile send_arp, and send an ARP packet with the IP of your system and a bogus MAC address to your gateway (use ip neigh show to find the proper MAC addy for your gateway)...you'll find out exactly how "short" arp cache timeouts can be, and what kind of mess you can get into when (really) low-level things get broken.
!!! - WARNING - !!! Like a lot of other low-level network tools, using send_arp incorrectly can result in VERY SERIOUS AND NASTY side effects. USE AT YOUR OWN RISK, AND WITH YOUR BRAIN ENGAGED! I do *NOT* recommend writing a script to send random MAC addresses paired with IPs on your subnet to the office firewall/gateway! Even if you *REALLY* don't like your sysadmin or the 'owner' of a particular IP!
-- Charles Steinkuehler charles@steinkuehler.net
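
Added example, not part of the thread or written by any of its posters: one way to spot the two conditions discussed above, an IP whose MAC binding changed and an entry stuck unresolved, by comparing two saved `ip neigh show` outputs. The function names and the sample addresses are constructed for illustration.

```python
import re

# Matches lines printed by `ip neigh show`, for example:
#   10.1.1.2 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
#   10.1.1.10 dev eth0  INCOMPLETE
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17}))?"
    r"(?:\s+router)?\s+(?P<state>[A-Z]+)\s*$"
)

def parse_neigh(text):
    """Return {ip: (mac or None, state)} from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            mac = m.group("mac")
            table[m.group("ip")] = (mac.lower() if mac else None, m.group("state"))
    return table

def compare(before, after):
    """Report IPs whose MAC changed and IPs with no resolved MAC."""
    findings = []
    for ip in sorted(after):
        mac, state = after[ip]
        old_mac = before.get(ip, (None, None))[0]
        if mac is None:
            # No lladdr: shown as INCOMPLETE or FAILED by ip neigh
            findings.append(("unresolved", ip, state))
        elif old_mac and old_mac != mac:
            # Expected after a NIC or firewall swap; otherwise investigate
            findings.append(("mac_changed", ip, old_mac, mac))
    return findings

# Constructed sample snapshots (not taken from the thread)
BEFORE = """10.1.1.2 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
10.1.1.10 dev eth0 lladdr 00:16:3e:aa:bb:10 STALE"""
AFTER = """10.1.1.2 dev eth0 lladdr 00:16:3e:cc:dd:02 REACHABLE
10.1.1.10 dev eth0  INCOMPLETE
10.1.1.20 dev eth0 lladdr 00:16:3e:aa:bb:20 REACHABLE"""

if __name__ == "__main__":
    for finding in compare(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(finding)
```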