08-15-2009 08:06 PM - edited 03-06-2019 07:16 AM
One Unix server has two adapters, so the user configured two IPs and two default gateways, like 10.10.1.1/gw 10.10.1.254 and 10.10.2.1/gw 10.10.2.254. Now, sometimes some users access the Unix box and it does not work. Why?
If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?
08-16-2009 03:35 AM
Hello Qing,
>> If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?
If you delete default gateway 10.10.2.254, the gateway is still there and can reach it.
Proxy ARP can play a role in why the return traffic is successful. Verify on the router interface whether it is enabled with
sh ip interface type x/y
Look for the Proxy ARP line and check whether it says enabled.
About the first question:
verify the security configurations on the server itself.
Hope to help
Giuseppe
08-16-2009 04:06 AM
Thanks.
Now the Unix box defines two IPs and two default gateways, and the Unix root deletes one gateway, like 10.10.2.254.
But the client can still ping 10.10.2.1.
The connection is Unix server -> switch (L2) -> switch (L3). Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.
08-16-2009 04:22 AM
Hello Qing,
>> Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.
This depends on the proxy-ARP settings on the router device:
it means a device without a gateway tries to ARP for any IP address, also outside the local subnet, and the router, if proxy-ARP is enabled, answers with its own MAC address if it knows how to reach the destination address.
In your case the Unix box could do something similar, allowing IP 10.10.2.1 to be reached from the other subnet.
You should find out what path the packets take in both directions to understand why this happens.
Hope to help
Giuseppe
08-16-2009 04:56 PM
Thanks.
The Unix box's own IPs are 10.10.1.1 and 10.10.2.1. The box connects to the L2 switch; one port is in VLAN 101, the other port in VLAN 102. The L3 switch has VLAN 101 and 102 defined, with IP addresses 10.10.1.254 and 10.10.2.254. Checking ip int vlan 101 and 102, Proxy ARP is disabled and Local Proxy ARP is disabled.
So if we delete the Unix box's gateway 10.10.2.254, other users can still ping 10.10.2.1; the Unix box uses the 10.10.1.254 default gateway to respond to the ping to 10.10.2.1. Is that all right????
08-16-2009 06:08 PM
You can do a tcpdump on your Unix box to see how it's responding to the pings.
08-19-2009 01:18 AM
Today I captured the ICMP packets and the telnet traffic. The result is like this:
1: On the Unix box, after deleting the 10.10.2.254 default gateway, users can still ping 10.10.2.1; 10.10.2.1 receives the ICMP echo, and the reply goes out through 10.10.1.1, so the request and reply do not take the same path. The telnet behaviour is like the ping.
If we capture the flow on the 10.10.1.1 port through a sniffer, we find the response packet's MAC address is that of the 10.10.1.1 port adapter, but the IP address is 10.10.2.1.
So I think the Unix box uses IP forwarding to complete it.
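As an added example (not code from this thread), a small Python check over constructed tcpdump -e -n style lines that flags exactly what the sniffer showed above: frames the box sent with IP source 10.10.2.1 but with the MAC of the 10.10.1.1 adapter. The MAC addresses and the 10.10.3.7 client are assumed placeholders.

```python
import re

# Assumed NIC-to-MAC mapping for the dual-homed Unix box in the thread.
# The MAC values are constructed placeholders, not from the original post.
NIC_MAC = {
    "10.10.1.1": "00:11:22:aa:bb:01",  # adapter in VLAN 101
    "10.10.2.1": "00:11:22:aa:bb:02",  # adapter in VLAN 102
}

# Constructed lines in the shape of `tcpdump -e -n` output. 10.10.3.7 stands in
# for a client on a third subnet; cc:dd:01 / cc:dd:02 are the L3 switch's
# VLAN 101 / VLAN 102 interface MACs (also placeholders).
SAMPLE_CAPTURE = """\
10:00:01.000100 00:11:22:cc:dd:02 > 00:11:22:aa:bb:02, ethertype IPv4 (0x0800), length 98: 10.10.3.7 > 10.10.2.1: ICMP echo request, id 7, seq 1, length 64
10:00:01.000300 00:11:22:aa:bb:01 > 00:11:22:cc:dd:01, ethertype IPv4 (0x0800), length 98: 10.10.2.1 > 10.10.3.7: ICMP echo reply, id 7, seq 1, length 64
10:00:02.000100 00:11:22:cc:dd:02 > 00:11:22:aa:bb:02, ethertype IPv4 (0x0800), length 74: 10.10.3.7.40001 > 10.10.2.1.23: Flags [S], seq 1, win 65535, length 0
10:00:02.000300 00:11:22:aa:bb:01 > 00:11:22:cc:dd:01, ethertype IPv4 (0x0800), length 74: 10.10.2.1.23 > 10.10.3.7.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
10:00:03.000300 00:11:22:aa:bb:01 > 00:11:22:cc:dd:01, ethertype IPv4 (0x0800), length 98: 10.10.1.1 > 10.10.3.7: ICMP echo reply, id 8, seq 1, length 64
"""

# Timestamp, source MAC > destination MAC, then IPv4 src > dst (optional .port).
FRAME_RE = re.compile(
    r"^\S+ (?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dst_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:",
    re.IGNORECASE,
)


def parse_frame(line):
    """Return (src_mac, dst_mac, src_ip, dst_ip) for an IPv4 frame line, else None."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    return (m["src_mac"].lower(), m["dst_mac"].lower(), m["src_ip"], m["dst_ip"])


def find_asymmetric_replies(capture, nic_mac=NIC_MAC):
    """Flag frames the box sent whose IP source belongs to a different adapter
    than the one whose MAC is on the wire. Returns (src_ip, nic_used, dst_ip)."""
    mac_to_ip = {mac.lower(): ip for ip, mac in nic_mac.items()}
    findings = []
    for line in capture.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        src_mac, _dst_mac, src_ip, dst_ip = frame
        nic_ip = mac_to_ip.get(src_mac)
        if nic_ip is None:  # not sent by one of the box's own adapters
            continue
        if src_ip in nic_mac and src_ip != nic_ip:
            findings.append((src_ip, nic_ip, dst_ip))
    return findings


if __name__ == "__main__":
    for src_ip, nic_ip, dst_ip in find_asymmetric_replies(SAMPLE_CAPTURE):
        print(f"{src_ip} -> {dst_ip} left via the {nic_ip} adapter")
```

Run it against a real capture taken on the 10.10.1.1 port to confirm every flagged frame is a reply for 10.10.2.1, which is the asymmetric path this thread describes.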
08-19-2009 04:08 AM
Hello Qing,
So it is the Unix box that answers back on the interface with IP address 10.10.1.1, where it has its only default gateway.
The source MAC address has to be that of the outgoing NIC, so what you see is correct.
Hope to help
Giuseppe
08-19-2009 05:39 PM
Thanks.
Yes, it is correct.
But now, how to resolve the problem? The user does not want 10.10.2.1 to use the NIC (10.10.1.1) MAC to communicate. On the switch, which way can prevent this from happening?
Thanks.