:: Re: [DNG] how to investigate consta…
Góra strony
Delete this message
Reply to this message
Autor: s
Data:  
Dla: linux
CC: dng
Temat: Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s
Hi mett,

>
> Hi,
>
> if this is really outgoing arp request,
> maybe ur default route is not properly
> configured.
> Like u have no next-hop address,
> only an outgoing interface as a default
> route:
>
> ip route default dev en0
>
> instead of
>
> ip route default via 91.sm.th.ing dev en0
>
> In that case, ur host think every hosts is attached to it, and therefore arp for each
> host.
>
> I said if bc what u showed didn t seem
> coming from ur host.
>
> Can u verify that all the arp requests
> are from ur host?
> ie. the outgoing interface, en0 if i
> understood properly
> (the interface with a public ip address).
>
> hth


Exactly, it could be indeed a routing problem, since he own 2 networks, he need to route the dns trafic via public interface 'en0'..

But the thing is, he will need 2 default gateways.. one for the public network '91.65.138.0/??'( what you designated as default gateway.. ),
And 1 for the internal private network '192.168.19.0/24'( delivering dhcp, and the dns cache queries, he cache on that machine.. )

He can acomplish that in debian,
You need to do it using 'policy routing'( redhat permited to bound a routing table directly to a interface.. I think I already saw that in debian too, but its not the same thing.. do this solution isa bit more dificult.. )
For that, see 'https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System'
or 'https://unix.stackexchange.com/questions/35713/adding-two-default-gateways-in-debian-interfaces-file/35822'

You should see after creating a new routing table, and assign routing rules, that you have 2 default gateways, one for public trafic and one for private..


But...IF he doesn't own, or contact that machine( 'ip5b418c91.dynamic.kabel-deutschland.de - 91.65.140.145' ), why is it trying to know its mac address??
It could even be that the master dns server is down, or unreachable and he needs to contact the slave server.. don'ty know

But, I think that this was is first question..

Best Regards
--
tux <tuxd3v@???>