Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#1 2015-03-11 10:23:54
ukasz - 
Użytkownik
- ukasz
- Użytkownik
- Skąd: wroclaw
- Zarejestrowany: 2006-06-21
wpisy w arp z obecj podsieci
Cześć
Jeden z serwerów uzupełnia wpisy w arp adresami ip z podsieci która nie jest przypisana na żadnym interfejsie. Serwer ma jedną kartę eth0. Jest ona podpięta do vlan-u w którym są dwie podsieci.
Kod:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6d:c3:8f brd ff:ff:ff:ff:ff:ff
inet 193.x.123.30/26 brd 193.194.123.63 scope global eth0
valid_lft forever preferred_lft foreverWpisy w arp:
Kod:
arp -n Address HWtype HWaddress Flags Mask Iface 192.168.71.112 (incomplete) eth0 192.168.71.135 ether 44:87:fc:f0:46:57 C eth0 192.168.71.118 ether 00:1f:16:2f:bc:09 C eth0 193.x.123.62 ether d4:ca:6d:84:a4:7d C eth0 192.168.71.141 (incomplete) eth0 192.168.71.152 (incomplete) eth0 192.168.71.158 (incomplete) eth0 192.168.71.113 ether f0:1f:af:5a:0a:4a C eth0 192.168.71.132 ether 78:45:c4:10:38:dd C eth0 192.168.71.9 (incomplete) eth0 192.168.71.119 (incomplete) eth0 192.168.71.147 ether 00:18:f3:be:df:84 C eth0 192.168.71.125 ether 00:18:f3:be:b7:26 C eth0 192.168.71.205 (incomplete) eth0 192.168.71.133 ether 44:87:fc:f0:59:4d C eth0 192.168.71.116 ether d0:67:e5:1a:8d:0c C eth0 192.168.71.111 (incomplete) eth0 192.168.71.122 (incomplete) eth0 192.168.71.156 ether e0:db:55:d4:ce:98 C eth0 192.168.71.130 ether f0:4d:a2:f4:84:76 C eth0 192.168.71.123 ether 00:22:68:1c:a4:3d C eth0 192.168.71.142 ether f0:4d:a2:f4:85:9c C eth0 192.168.71.157 (incomplete) eth0 192.168.71.131 ether f0:4d:a2:ce:87:17 C eth0 192.168.71.114 ether 18:03:73:7f:85:05 C eth0 192.168.71.120 ether 78:ac:c0:bb:be:0e C eth0 192.168.71.128 ether e0:db:55:d4:c9:4b C eth0 192.168.71.106 ether c8:1f:66:19:f2:0a C eth0 193.x.123.59 ether 52:54:00:7e:bc:af C eth0 192.168.71.161 ether 00:50:b6:69:82:d3 C eth0 192.168.71.134 (incomplete) eth0 192.168.71.115 (incomplete) eth0 192.168.71.121 ether f0:4d:a2:f7:6c:e4 C eth0 192.168.71.149 (incomplete) eth0 192.168.71.173 ether 00:1d:7d:7b:8f:12 C eth0
Router wysyła ICMP redirect-y.
Kod:
ping 192.168.71.9 PING 192.168.71.9 (192.168.71.9) 56(84) bytes of data. 64 bytes from 192.168.71.9: icmp_req=1 ttl=254 time=2.05 ms From 193.x.123.62: icmp_seq=2 Redirect Host(New nexthop: 192.168.71.9)
Po tym jak serwer dostanie ICMP redirect z routera, robi sobie taki wpis:
Kod:
ip r g 192.168.71.9
192.168.71.9 via 192.168.71.9 dev eth0 src 193.x.123.30
cacheTymczasowo ustawiłem accept_redirects=0 na każdym interfejsie. Pomogło.
Kod:
sysctl -a | grep redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 net.ipv4.conf.eth0.secure_redirects = 0 net.ipv4.conf.eth0.send_redirects = 0 net.ipv4.conf.lo.accept_redirects = 0 net.ipv4.conf.lo.secure_redirects = 0 net.ipv4.conf.lo.send_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 net.ipv6.conf.eth0.accept_redirects = 0 net.ipv6.conf.lo.accept_redirects = 0
Tak na prawde to są dwa problemy. Router (Mikrotik) mimo to, że ma wyłączone wysyłanie i odbieranie ICMP redirectów:
Kod:
ip settings print
ip-forward: yes
send-redirects: no
accept-source-route: no
accept-redirects: no
secure-redirects: no
rp-filter: loose
tcp-syncookies: yes
max-arp-entries: 8192
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
allow-fast-path: yesWysyła je dalej. To na razie można zostawić jako osobny temat. Co zdziwiło mnie jednak jest to, że debian dodaje wpisy w ARP mimo to, że nie ma przypisanego adresu z podsieci 192.168.71.0/24. Czy ktoś wie z jakiej paki tak się dzieje ? Reboot nie pomógł.
Ostatnio edytowany przez ukasz (2015-03-11 10:26:05)
[img]http://wiblo.pl/wilk/userbars/debian_user_black.png[/img]
Offline
Informacje debugowania
| Time (s) | Query |
|---|---|
| 0.00009 | SET CHARSET latin2 |
| 0.00004 | SET NAMES latin2 |
| 0.00094 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='18.118.30.253' WHERE u.id=1 |
| 0.00184 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '18.118.30.253', 1714855472) |
| 0.00067 | SELECT * FROM punbb_online WHERE logged<1714855172 |
| 0.00033 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=27154 AND t.moved_to IS NULL |
| 0.00037 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00140 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=27154 ORDER BY p.id LIMIT 0,25 |
| 0.00114 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=27154 |
| Total query time: 0.00682 s | |