robbat2@gentoo.org - posted 2012/05/21 18:48 UTC - updated 2012/05/22 18:40 UTC

I've got an ARP response problem in a firewall+traffic shaping box I'm setting up. Two WAN links, two primary LAN links, two LAN admin links.

Network switch for LAN1 is Netgear GS78T
Network switch for LAN2 is HP Procurve 3500yl-48G-PWR

Box with 6 interfaces:
eth0: 10.78.10.5/16 - LAN1, admin address
eth1: 10.77.10.5/16 - LAN2, admin address
eth2: 10.78.0.1/16, 10.78.0.3/16 - LAN1
eth3: aa.bb.cc.{2..62}/26 - WAN1
eth4: 10.77.0.1/16, 10.77.0.3/16 - LAN2
eth5: xx.yy.zz.{2..62}/26 - WAN2

From a testbox on LAN2 (I'm testing with 10.77.110.2), traffic for 10.77.0.3 seems to be arriving on eth1 instead of eth4.

    testbox # arping 10.77.0.3
    ARPING 10.77.0.3 from 10.77.110.2 eth0
    Unicast reply from 10.77.0.3 [eth1 MAC] 1.057ms
    ...

I've tried to set:

    net.ipv4.conf.all.arp_ignore=1
    net.ipv4.conf.all.arp_announce=2

But the arp_ignore setting just causes no response at all to the arping.

LAN1/WAN1 and LAN2/WAN2 have lots of 1:1 NAT mappings.

Valid normal traffic flows are:
LAN1 <-> eth0 for admin
LAN2 <-> eth1 for admin
LAN1 <-> eth2/eth3 <-> WAN1
LAN2 <-> eth4/eth5 <-> WAN2
LAN1 <-> eth2/eth4 <-> LAN2 ; explicitly via this firewall (some ports/subranges are firewalled)

Update 2012/05/22:
I have also tried:
- combinations of arp_filter, arp_ignore, arp_announce on many interfaces
- scope link/host on eth0/eth1

I have NOT:
- tried ebtables
- 100% ruled out the HP Procurve switch as acting weird
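An added example, not part of the original post or the poster's setup: a shell model of how the kernel's arp_ignore setting decides whether to answer an ARP request, using the interface addresses given above. The rules are a simplification of those in the kernel's Documentation/networking/ip-sysctl.txt (the effective value for a request arriving on an interface is the larger of net.ipv4.conf.all.arp_ignore and net.ipv4.conf.<iface>.arp_ignore; 0 answers for any local address on any interface, 1 only for addresses configured on the arriving interface, 2 additionally requires the sender to be in that address's subnet, 8 never answers). The function names are illustrative assumptions, and eth3/eth5 are left out because their addresses are masked in the post.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a shell model of the kernel's
# arp_ignore decision, applied to the interfaces described above. The rules
# are a simplification of Documentation/networking/ip-sysctl.txt, not kernel
# code; function names are illustrative assumptions.

# Addresses per interface, taken from the post. WAN interfaces (eth3/eth5)
# are omitted because their addresses are masked in the post.
local_addrs() {
  case "$1" in
    eth0) echo "10.78.10.5/16" ;;
    eth1) echo "10.77.10.5/16" ;;
    eth2) echo "10.78.0.1/16 10.78.0.3/16" ;;
    eth4) echo "10.77.0.1/16 10.77.0.3/16" ;;
    *)    echo "" ;;
  esac
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR/PREFIX IP: true if IP falls in ADDR's subnet.
in_subnet() {
  local net="${1%/*}" prefix="${1#*/}" ip="$2"
  local mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
  [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$ip") & mask )) ]
}

# is_local_on IFACE IP: true if IP is configured on IFACE.
is_local_on() {
  local a
  for a in $(local_addrs "$1"); do
    [ "${a%/*}" = "$2" ] && return 0
  done
  return 1
}

# is_local_anywhere IP: true if IP is configured on any interface.
is_local_anywhere() {
  local i
  for i in eth0 eth1 eth2 eth4; do
    is_local_on "$i" "$1" && return 0
  done
  return 1
}

# sender_in_target_subnet IFACE TARGET SENDER: true if SENDER is in the
# subnet of TARGET as configured on IFACE (the extra condition of level 2).
sender_in_target_subnet() {
  local a
  for a in $(local_addrs "$1"); do
    if [ "${a%/*}" = "$2" ] && in_subnet "$a" "$3"; then return 0; fi
  done
  return 1
}

# arp_reply ALL IFACE_VALUE IFACE TARGET SENDER: prints "reply" or "drop".
# ALL is net.ipv4.conf.all.arp_ignore, IFACE_VALUE is conf/IFACE/arp_ignore;
# the kernel uses the larger of the two for a request arriving on IFACE.
arp_reply() {
  local all="$1" per="$2" iface="$3" target="$4" sender="$5"
  local level=$(( all > per ? all : per ))
  case "$level" in
    0) if is_local_anywhere "$target"; then echo reply; else echo drop; fi ;;
    1) if is_local_on "$iface" "$target"; then echo reply; else echo drop; fi ;;
    2) if is_local_on "$iface" "$target" && sender_in_target_subnet "$iface" "$target" "$sender"
       then echo reply; else echo drop; fi ;;
    8) echo drop ;;
    *) echo "arp_ignore=$level not modelled" >&2; return 1 ;;
  esac
}

# The request from the post (who-has 10.77.0.3, from 10.77.110.2) arriving on
# eth1 and on eth4, under the default setting and the poster's arp_ignore=1.
demo() {
  local iface
  for iface in eth1 eth4; do
    printf '%s: arp_ignore=0 -> %s, arp_ignore=1 -> %s\n' "$iface" \
      "$(arp_reply 0 0 "$iface" 10.77.0.3 10.77.110.2)" \
      "$(arp_reply 1 0 "$iface" 10.77.0.3 10.77.110.2)"
  done
}

if [ "${ARP_DEMO:-0}" = 1 ]; then demo; fi
```

Run it with ARP_DEMO=1 to see the two cases side by side. Under the default arp_ignore=0 the model answers for 10.77.0.3 on eth1, which is the reply the arping output above shows; with arp_ignore=1 eth1 stays silent and only eth4 answers. So, per the documented rules, a request that gets no answer at all with arp_ignore=1 is one that eth4 is not seeing, which is consistent with the switch not yet being ruled out. Two caveats from the same kernel documentation: arp_announce is also resolved as the larger of conf/all and conf/<iface>, and arp_filter only gives the intended per-interface answers when the box has source-based routing that would send traffic for the requesting IP out that interface.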