Here's one that makes me scratch my head.
I have a layout like this:
 172.16.0.0/16                                    1.2.3.48/28
 172.16.n.n                                       (fictional public IP range)
 internal hosts
      |
 <----+-----+----------+                 +----------+------>to the Internet
            |          |                 |          |
        Internal       |                 |          |
          Host       Firewall                    Outside
                   eth1     eth0                  Router
     172.16.16.99  172.16.16.3  1.2.3.50          1.2.3.49
I want to use my own MAC addresses on all the firewall NICs. This way,
I should be able to swap firewall systems without disturbing the ARP
caches on the outside router or internal hosts. I do it like this:
ifdown eth1
ifconfig eth1 hw ether 17:20:16:01:60:03
ifup eth1
Similarly for eth0.
From my internal host, ping 1.2.3.49. This works before switching MAC
addresses and fails after doing it.
The internal host can ping the firewall at 172.16.16.3.
The firewall can ping 1.2.3.49.
But that firewall will not forward anything after giving its NICs my
made-up MAC addresses.
When I put the MAC addresses back to their "real" values, the firewall
forwards again.
From the internal host, arp -a shows what it is supposed to show.
The firewall is running 2.4.27 from kernel.org. I am using 3Com 3C905B
NICs. /proc/sys/net/ipv4/ip_forward is 1.
What am I missing? Why does changing MAC addresses mess up forwarding?
Thanks
- Greg Scott
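Editor's note, with an added example that is not part of Greg's post. One thing worth checking before assigning any hand-picked MAC address: in an IEEE 802 address the least significant bit of the first octet is the I/G (individual/group) bit, and the next bit is the U/L (universal/local) bit. A unicast address must have the I/G bit clear, and an address you make up yourself should have the U/L bit set (the familiar 02:xx:xx:xx:xx:xx convention) so it cannot collide with a vendor-assigned one. The address used above, 17:20:16:01:60:03, has a first octet of 0x17 = 00010111, so its I/G bit is set and it is a group (multicast) address, which is not a valid source address for a unicast station. The script below is a small pre-flight check in the same shell the ifconfig commands are typed into; it validates a MAC, reports why it is unsuitable, rewrites it into a locally administered unicast address, and prints the ifdown/ifconfig/ifup sequence rather than running it (the interface name and the dry-run behaviour are my assumptions, not from the post).

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a hand-picked MAC
# address before "ifconfig <if> hw ether <mac>".
#
# First octet of an IEEE 802 MAC address:
#   bit 0 (value 1) = I/G  : 1 => group/multicast, 0 => individual/unicast
#   bit 1 (value 2) = U/L  : 1 => locally administered, 0 => vendor (OUI) assigned

# mac_is_well_formed MAC -> exit 0 if MAC is six colon-separated hex octets
mac_is_well_formed() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# mac_first_octet MAC -> prints the first octet as a decimal number
mac_first_octet() {
    first=${1%%:*}
    printf '%d\n' "$((0x$first))"
}

# mac_is_multicast MAC -> exit 0 if the I/G bit is set
mac_is_multicast() {
    o=$(mac_first_octet "$1")
    [ $((o & 1)) -eq 1 ]
}

# mac_is_local MAC -> exit 0 if the U/L bit is set
mac_is_local() {
    o=$(mac_first_octet "$1")
    [ $((o & 2)) -eq 2 ]
}

# mac_check MAC -> prints one of: invalid, multicast, global, ok
#   invalid   : not six hex octets
#   multicast : I/G bit set; unusable as a station address
#   global    : well formed unicast, but U/L clear (looks like a vendor address)
#   ok        : unicast and locally administered
mac_check() {
    if ! mac_is_well_formed "$1"; then
        echo invalid
    elif mac_is_multicast "$1"; then
        echo multicast
    elif ! mac_is_local "$1"; then
        echo global
    else
        echo ok
    fi
}

# mac_make_local MAC -> prints MAC with the I/G bit cleared and U/L bit set
mac_make_local() {
    o=$(mac_first_octet "$1")
    rest=${1#*:}
    printf '%02x:%s\n' "$(( (o & ~1) | 2 ))" "$rest"
}

# set_mac_cmds IFACE MAC -> prints the three commands to run if MAC is "ok",
# otherwise prints a diagnostic and returns 1 (dry run; nothing is changed)
set_mac_cmds() {
    iface=$1
    mac=$2
    verdict=$(mac_check "$mac")
    if [ "$verdict" != ok ]; then
        echo "refusing $mac on $iface: $verdict" >&2
        if [ "$verdict" != invalid ]; then
            echo "suggested locally administered unicast: $(mac_make_local "$mac")" >&2
        fi
        return 1
    fi
    printf 'ifdown %s\nifconfig %s hw ether %s\nifup %s\n' \
        "$iface" "$iface" "$mac" "$iface"
}

# Demo on the address from the post (a constructed input for this example)
set_mac_cmds eth1 17:20:16:01:60:03 || true
set_mac_cmds eth1 "$(mac_make_local 17:20:16:01:60:03)"
```

Running it on the posted address prints "refusing 17:20:16:01:60:03 on eth1: multicast" and suggests 16:20:16:01:60:03 (I/G cleared, U/L set); the second call then prints the ifdown/ifconfig/ifup lines for that corrected address. The same check applies to eth0, whose chosen address the post does not show.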