Hi

One of the servers is filling its ARP table with IP addresses from a subnet that is not assigned to any interface. The server has a single NIC, eth0. It is attached to a VLAN that carries two subnets.
```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:6d:c3:8f brd ff:ff:ff:ff:ff:ff
    inet 193.x.123.30/26 brd 193.194.123.63 scope global eth0
       valid_lft forever preferred_lft forever
```
ARP entries:
```
arp -n
Address          HWtype  HWaddress          Flags Mask  Iface
192.168.71.112           (incomplete)                   eth0
192.168.71.135   ether   44:87:fc:f0:46:57  C           eth0
192.168.71.118   ether   00:1f:16:2f:bc:09  C           eth0
193.x.123.62     ether   d4:ca:6d:84:a4:7d  C           eth0
192.168.71.141           (incomplete)                   eth0
192.168.71.152           (incomplete)                   eth0
192.168.71.158           (incomplete)                   eth0
192.168.71.113   ether   f0:1f:af:5a:0a:4a  C           eth0
192.168.71.132   ether   78:45:c4:10:38:dd  C           eth0
192.168.71.9             (incomplete)                   eth0
192.168.71.119           (incomplete)                   eth0
192.168.71.147   ether   00:18:f3:be:df:84  C           eth0
192.168.71.125   ether   00:18:f3:be:b7:26  C           eth0
192.168.71.205           (incomplete)                   eth0
192.168.71.133   ether   44:87:fc:f0:59:4d  C           eth0
192.168.71.116   ether   d0:67:e5:1a:8d:0c  C           eth0
192.168.71.111           (incomplete)                   eth0
192.168.71.122           (incomplete)                   eth0
192.168.71.156   ether   e0:db:55:d4:ce:98  C           eth0
192.168.71.130   ether   f0:4d:a2:f4:84:76  C           eth0
192.168.71.123   ether   00:22:68:1c:a4:3d  C           eth0
192.168.71.142   ether   f0:4d:a2:f4:85:9c  C           eth0
192.168.71.157           (incomplete)                   eth0
192.168.71.131   ether   f0:4d:a2:ce:87:17  C           eth0
192.168.71.114   ether   18:03:73:7f:85:05  C           eth0
192.168.71.120   ether   78:ac:c0:bb:be:0e  C           eth0
192.168.71.128   ether   e0:db:55:d4:c9:4b  C           eth0
192.168.71.106   ether   c8:1f:66:19:f2:0a  C           eth0
193.x.123.59     ether   52:54:00:7e:bc:af  C           eth0
192.168.71.161   ether   00:50:b6:69:82:d3  C           eth0
192.168.71.134           (incomplete)                   eth0
192.168.71.115           (incomplete)                   eth0
192.168.71.121   ether   f0:4d:a2:f7:6c:e4  C           eth0
192.168.71.149           (incomplete)                   eth0
192.168.71.173   ether   00:1d:7d:7b:8f:12  C           eth0
```
The router sends ICMP redirects.
```
ping 192.168.71.9
PING 192.168.71.9 (192.168.71.9) 56(84) bytes of data.
64 bytes from 192.168.71.9: icmp_req=1 ttl=254 time=2.05 ms
From 193.x.123.62: icmp_seq=2 Redirect Host(New nexthop: 192.168.71.9)
```
After the server receives an ICMP redirect from the router, it creates an entry like this:
```
ip r g 192.168.71.9
192.168.71.9 via 192.168.71.9 dev eth0 src 193.x.123.30
    cache
```
As a temporary measure I set accept_redirects=0 on every interface. That helped.
```
sysctl -a | grep redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.secure_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.secure_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.eth0.accept_redirects = 0
net.ipv6.conf.lo.accept_redirects = 0
```
Actually there are two problems here. The router (Mikrotik), even though it has sending and accepting ICMP redirects disabled:
```
ip settings print
          ip-forward: yes
      send-redirects: no
 accept-source-route: no
    accept-redirects: no
    secure-redirects: no
           rp-filter: loose
      tcp-syncookies: yes
     max-arp-entries: 8192
         arp-timeout: 30s
     icmp-rate-limit: 10
      icmp-rate-mask: 0x1818
     allow-fast-path: yes
```
still sends them. That can be left as a separate topic for now. What surprised me, however, is that Debian adds ARP entries even though it has no address assigned from the 192.168.71.0/24 subnet. Does anyone know why on earth this happens? A reboot did not help.
Last edited by ukasz (2015-03-11 10:26:05)
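
Added example, not part of the original post: a check that flags neighbour-table entries lying outside the prefixes configured on an interface, the symptom shown above once an accepted redirect installs an on-link route such as `192.168.71.9 via 192.168.71.9 dev eth0`. The sample `arp -n` table, its addresses and MACs, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in `arp -n` format (addresses and MACs are made up).
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
198.51.100.62            ether   02:00:00:00:00:01   C                     eth0
192.168.71.9                     (incomplete)                              eth0
192.168.71.135           ether   02:00:00:00:00:02   C                     eth0
198.51.100.59            ether   02:00:00:00:00:03   C                     eth0
"""


def parse_arp(text):
    """Yield (ip, mac_or_None, iface) for each row of `arp -n` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Address":
            continue  # header or blank line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip rows whose address is redacted or malformed
        # Unresolved entries have no HWtype column, only "(incomplete)".
        mac = None if fields[1] == "(incomplete)" else fields[2]
        yield ip, mac, fields[-1]


def off_link_neighbors(arp_text, local_prefixes):
    """Return neighbour entries whose IP is in none of the interface's prefixes.

    local_prefixes maps interface name -> list of CIDR strings as shown by
    `ip addr` (host bits are allowed, e.g. "198.51.100.30/26").
    """
    nets = {ifc: [ipaddress.ip_network(p, strict=False) for p in cidrs]
            for ifc, cidrs in local_prefixes.items()}
    findings = []
    for ip, mac, iface in parse_arp(arp_text):
        if not any(ip in net for net in nets.get(iface, [])):
            findings.append((str(ip), mac or "unresolved", iface))
    return findings


if __name__ == "__main__":
    prefixes = {"eth0": ["198.51.100.30/26"]}  # constructed interface config
    for ip, mac, iface in off_link_neighbors(SAMPLE_ARP, prefixes):
        print(f"off-link neighbour on {iface}: {ip} ({mac})")
```
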