> On Sat, Jul 11, 2020 at 9:49 PM Tom Eastep <eastep...@gmail.com> wrote:
>>
>> On 7/11/20 2:40 AM, Vieri Di Paola wrote:
>>
>> What was your 'shorewall iptrace' command?
>
> If I just run 'shorewall iptrace' with no filter, won't that just
> trace all packets?
>
>> > I saved a tcpdump taken on the Shorewall system to a
>> > file and uploaded it here:
>> >
>> >
>> > https://drive.google.com/file/d/1waEUIIMHsPK0c-xAEyKkT2XSgNWrj5t3/view?usp=sharing
>> >
>> >  I can see the reply in this dump, but frankly I don't know why
>> > it's not reaching the host at 10.215.246.24. The only thing I
>> > noticed in this dump is that the destination MAC is
>> > e8:ea:6a:0c:4c:1c. However, I see another MAC on the Shorewall
>> > gateway:
>
> OK, so this is really weird.
>
> Ping from host at 10.215.246.24 to host at 10.215.144.251:
>
> 1) echo request #1: src MAC is correct, dst MAC is that of lan.1
> interface in Shorewall Firewall
>
> 2) echo request #2: src MAC is that of lan.1 interface in Shorewall
> Firewall, dst MAC is correct
>
> 3) first and only echo reply: src MAC is correct, dst MAC (
> e8:ea:6a:0c:4c:1c ) is that of an interface on an older Shorewall
> router.
>
> So, that means that this particular client (an HP iLO system based on
> Linux) is still sending replies to an old Shorewall gateway I replaced
> 20 days ago. The interface to which this MAC addr belongs isn't
> even online.
> I haven't found this MAC addr in any intermediate switch (ARP tables)
> so I'm guessing it must be in the client's ARP cache?
>
> Does this make sense?
>
> What could I try before asking the HP iLO admin to reboot that system?

You said the HP ilo interface isn't even online but are you really sure
about it? If it's an ilo with dedicated ethernet port then it's usually
online as soon as the server is connected to power, even if the box is
switched off. And if you're looking for a system with ugly behavior,
things like ilo are good candidates because these embedded systems are not
always tested as well as normal operating systems.

Simon
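
Added example, not part of the original thread: a small Python check over `tcpdump -e -n` text that flags a host sending frames to a next-hop MAC other than the one its peer's packets were delivered from, which is the pattern in the three frames described above. It assumes symmetric routing through one gateway; the 02:00:... MAC addresses are constructed placeholders, while the IPs and e8:ea:6a:0c:4c:1c are taken from the thread.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+\.\d+\.\d+\.\d+"
# Ethernet header and IPv4 addresses as printed by `tcpdump -e -n`.
FRAME_RE = re.compile(
    rf"(?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4 .*?: "
    rf"(?P<sip>{IP})(?:\.\d+)? > (?P<dip>{IP})(?:\.\d+)?: ",
    re.IGNORECASE,
)

# Constructed sample: IPs and the e8:ea:... MAC are from the thread, the
# 02:00:... MACs are placeholders (..:01 pinging host, ..:02 iLO, ..:fe lan.1).
SAMPLE = """\
10:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 98: 10.215.246.24 > 10.215.144.251: ICMP echo request, id 7, seq 1, length 64
10:00:00.000050 02:00:00:00:00:fe > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 98: 10.215.246.24 > 10.215.144.251: ICMP echo request, id 7, seq 1, length 64
10:00:00.000400 02:00:00:00:00:02 > e8:ea:6a:0c:4c:1c, ethertype IPv4 (0x0800), length 98: 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 7, seq 1, length 64
"""

def parse_frames(text):
    """Return (smac, dmac, sip, dip) for every IPv4 frame line in the dump."""
    return [(m["smac"].lower(), m["dmac"].lower(), m["sip"], m["dip"])
            for m in FRAME_RE.finditer(text)]

def stale_next_hops(text):
    """Flag frames sent to a MAC that never delivered the peer's traffic.

    Assumption: routing is symmetric, so a host should answer via the same
    next hop (source MAC) that handed it the peer's packets.
    """
    frames = parse_frames(text)
    delivered_by = defaultdict(set)  # (receiver MAC, sender IP) -> delivering MACs
    for smac, dmac, sip, dip in frames:
        delivered_by[(dmac, sip)].add(smac)
    findings = []
    for smac, dmac, sip, dip in frames:
        expected = delivered_by.get((smac, dip))
        if expected and dmac not in expected:
            findings.append({"host": sip, "peer": dip, "used_mac": dmac,
                             "expected_macs": sorted(expected)})
    return findings

if __name__ == "__main__":
    for finding in stale_next_hops(SAMPLE):
        print(finding)
```

A finding only shows that the flagged host resolved its next hop to an unexpected MAC; whether that comes from its ARP cache or from a static entry still has to be checked on the host itself.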


