Hi Phil, Thanks. Yes, we used those too. Forgot to say. There are a few more iirc in there.
Gavin.

On 8 Jun 2013 09:54, "Phil Mayers" <p.may...@imperial.ac.uk> wrote:

> On 06/08/2013 08:35 AM, Gavin Henry wrote:
>
>> your email to /etc/aliases. We found that the Linux kernel doesn't
>> send the same arp response out of the same interface. For example, one
>> interface was a public IP and one was a private IP. The kernel would
>> send a "I'm on MAC blah" for the private IP out of the public IP port!
>>
>> arptables is the solution, but in 10 years it's the first time I'd
>>
>
> The behaviour you describe can be disabled by sysctl, which is rather
> cleaner than arptables IMO; our cfengine config puts the following in
> /etc/sysctl.conf:
>
> # These values make linux be sensible about making and replying
> # to ARP requests - specifically they force ARP requests to come
> # from an in-subnet IP, and ignore ARP replies for out-of-subnet
> # addresses
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
>
> AIUI the Linux behaviour is intentional, claiming to be the letter of the
> relevant RFCs, but it's certainly problematic in a number of scenarios,
> including multihoming, transparent load-balancing and anycast routes.
> There's more documentation in the kernel source for the above sysctls.
>
> I have no idea if this is actually the OP's problem.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
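
An added example, not part of the thread or of either poster's configuration: a shell function that checks whether the two sysctls quoted above are actually in effect on each interface, so a multihomed host that still answers ARP for one subnet's address on another subnet's port is flagged. The function names and the optional directory argument (used to point the check at a copy of the sysctl tree instead of the live `/proc/sys/net/ipv4/conf`) are assumptions made for this example.

```shell
# Added example: audit the effective ARP sysctls per interface.
# For arp_ignore and arp_announce the kernel uses
# max(conf/all/<key>, conf/<iface>/<key>); conf/default only seeds
# interfaces created later, so it is skipped here.

# Thresholds: the values from the sysctl.conf quoted in the thread.
WANT_IGNORE=1
WANT_ANNOUNCE=2

# read_val FILE: print the integer stored in FILE, or 0 if unreadable.
read_val() {
    local v=0
    if [ -r "$1" ]; then read -r v < "$1" || true; fi
    printf '%s' "${v:-0}"
}

# max A B: print the larger of two integers.
max() {
    if [ "$1" -ge "$2" ]; then printf '%s' "$1"; else printf '%s' "$2"; fi
}

# arp_audit [CONF_ROOT]
# Prints "<iface> arp_ignore=<n> arp_announce=<n> OK|WEAK" per interface,
# using the effective (max) values. Returns 1 if any interface is WEAK.
arp_audit() {
    local root="${1:-/proc/sys/net/ipv4/conf}" rc=0
    local all_ign all_ann dir ifc ign ann status
    all_ign=$(read_val "$root/all/arp_ignore")
    all_ann=$(read_val "$root/all/arp_announce")
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case "$ifc" in all|default) continue ;; esac
        ign=$(max "$all_ign" "$(read_val "$dir/arp_ignore")")
        ann=$(max "$all_ann" "$(read_val "$dir/arp_announce")")
        status=OK
        if [ "$ign" -lt "$WANT_IGNORE" ] || [ "$ann" -lt "$WANT_ANNOUNCE" ]; then
            status=WEAK
            rc=1
        fi
        printf '%s arp_ignore=%s arp_announce=%s %s\n' "$ifc" "$ign" "$ann" "$status"
    done
    return "$rc"
}
```

Calling `arp_audit` with no argument reads the live kernel values; a non-zero exit status means at least one interface is below the thresholds.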