The arpwatch output is:
arpwatch: bogon 172.17.49.239 00:90:1a:a0:1f:51 eth0
arpwatch: bogon 10.36.36.36 00:30:0a:0c:30:fb eth0
Regards,
On 08/30/10 21:04, Trent O'Callaghan wrote:
> see below for suggestions:
>
> On 28 August 2010 02:46, Carlos Siso <[email protected]
> <mailto:[email protected]>> wrote:
>
> ...
> The weird part:
>
> 1.- Disabling one of the internal network interfaces ("ifdown eth1" or
> "ifdown eth2") fix the problem for the other one.
> 2.- While pinging from inside the router/firewall to the Internet, the
> packet loss, when pinging from a PC in the "loc" or "cus" zones, are
> reduced considerably (at almost 1% packed loss on an 10 minute ping
> period). Actually, I keep a console session on the router/firewall
> pinging the default gateway at the Internet to have things working
> (more
> or less).
>
> Instead of pinging the gateway, can you set the arp entry for the IP
> ADDRESS as static and see if that also gives an improvement?
>
> sudo arp -s 201.208.128.1 00:00:00:00:00:00
> [but with 00:00:00:00:00:00 replaced with correct mac-address]
>
> I have had a similar situation but my newer builds are working without
> the pinging
>
> What I did for newer builds is in /etc/sysctl.conf I placed:
> net.netfilter.nf_conntrack_acct = 1
> net.ipv4.conf.eth0.arp_announce = 2
> net.ipv4.conf.eth0.arp_filter = 1
> net.ipv4.neigh.eth0.gc_stale_time = 3600
>
>
> Any help you could provide to resolve this problem will be
> appreciated.
> Thank you.
>
> Regards,
>
> Carlos Siso
>
>
> --
> --
> Carlos Siso
>
>
>
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook
> users
> worldwide. Take advantage of special opportunities to increase
> revenue and
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
>
> --
> Regards,
> Trent O'Callaghan
> Network Manager
> Nearmap
>
> www.nearmap.com <http://www.nearmap.com>
>
>
> ------------------------------------------------------------------------------
> This SF.net Dev2Dev email is sponsored by:
>
> Show off your parallel programming skills.
> Enter the Intel(R) Threading Challenge 2010.
> http://p.sf.net/sfu/intel-thread-sfd
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
--
Carlos Siso
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
