I've used Shorewall in many locations to configure Proxy ARP'd DMZ's. On a couple of these networks, I'm doing away with the DMZ and moving one or two of the hosts to being directly accessible on an Internet connection.

On my Shorewall boxes, I'm seeing stale arp entries like this:

(172.16.0.2) at <incomplete> on eth2.14

Windows can flush the arp cache entirely quite easily, but I haven't yet found a command in Linux that will do this. Any gurus out there know how to do this easily?

On Tue, 2007-09-11 at 09:46 -0700, List Receiver wrote:
> I've used Shorewall in many locations to configure Proxy ARP'd DMZ's. On a couple of these networks, I'm doing away with the DMZ and moving one or two of the hosts to being directly accessible on an Internet connection.
>
> On my Shorewall boxes, I'm seeing stale arp entries like this:
>
> (172.16.0.2) at <incomplete> on eth2.14
>
> Windows can flush the arp cache entirely quite easily, but I haven't yet found a command in Linux that will do this. Any gurus out there know how to do this easily?

arp -d 172.16.0.2

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

> -----Original Message-----
> From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep
> Sent: Tuesday, September 11, 2007 9:52 AM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] Delete an ARP entry
>
> On Tue, 2007-09-11 at 09:46 -0700, List Receiver wrote:
> > I've used Shorewall in many locations to configure Proxy ARP'd DMZ's. On a couple of these networks, I'm doing away with the DMZ and moving one or two of the hosts to being directly accessible on an Internet connection.
> >
> > On my Shorewall boxes, I'm seeing stale arp entries like this:
> >
> > (172.16.0.2) at <incomplete> on eth2.14
> >
> > Windows can flush the arp cache entirely quite easily, but I haven't yet found a command in Linux that will do this. Any gurus out there know how to do this easily?
>
> arp -d 172.16.0.2
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

When listed as "incomplete", that command gives me an error of "no such host" or similar.

On Tue, 2007-09-11 at 09:53 -0700, List Receiver wrote:
>
> When listed as "incomplete", that command gives me an error of "no such host" or similar.
>

Don't know what to tell you -- works here.

gateway:~ # # First create an <incomplete> ARP entry
gateway:~ # ping 192.168.1.99
PING 192.168.1.99 (192.168.1.99) 56(84) bytes of data.
From 192.168.1.254: icmp_seq=1 Destination Host Unreachable
From 192.168.1.254 icmp_seq=1 Destination Host Unreachable
From 192.168.1.254 icmp_seq=2 Destination Host Unreachable
From 192.168.1.254 icmp_seq=3 Destination Host Unreachable

--- 192.168.1.99 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4010ms, pipe 3
gateway:~ # # Verify the <incomplete> ARP entry
gateway:~ # arp -na
? (206.124.146.177) at 00:16:3E:B1:D7:90 [ether] on eth3
? (192.168.1.3) at 00:A0:CC:D2:35:3A [ether] on br0
? (192.168.1.99) at <incomplete> on br0
? (192.168.1.8) at FE:B4:A4:E0:F7:02 [ether] on br0
? (192.168.3.8) at 00:0F:66:EF:B6:F6 [ether] on eth1
? (206.124.146.254) at 00:01:63:3D:30:38 [ether] on eth0
? (192.168.3.6) at 00:12:79:3D:FE:2E [ether] on eth1
? (192.168.1.9) at * PERM PUP on br0
? (192.168.1.7) at * PERM PUP on br0
? (206.124.146.177) at * PERM PUP on eth0
? (192.168.1.1) at * PERM PUP on br0
gateway:~ # # Delete the <incomplete> ARP entry
gateway:~ # arp -d 192.168.1.99
gateway:~ #

-Tom

On Tue, Sep 11, 2007 at 09:53:42AM -0700, List Receiver wrote:
> > > On my Shorewall boxes, I'm seeing stale arp entries like this:
> > >
> > > (172.16.0.2) at <incomplete> on eth2.14
> > >
> > > Windows can flush the arp cache entirely quite easily, but I haven't yet found a command in Linux that will do this. Any gurus out there know how to do this easily?
> >
> > arp -d 172.16.0.2
>
> When listed as "incomplete", that command gives me an error of "no such host" or similar.

That's not a stale arp entry. That's just the kernel noting that it has sent out an arp request and never received a response, so it won't send another before the retransmission interval has elapsed. It's not an entry in the arp cache. Removing it will not solve your problem, whatever it is.

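Added example (not part of the original thread): a small shell filter that sorts lines in the `arp -na` format shown earlier in the thread into resolved, incomplete and published (proxy ARP) entries, so that placeholders for unanswered requests are not mistaken for cached mappings. The sample addresses and the function names classify_arp and hosts_in_state are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the `arp -na` format shown in the thread
# (documentation addresses and MACs, not taken from any real host).
SAMPLE='? (192.0.2.3) at 00:00:5E:00:53:01 [ether] on br0
? (192.0.2.99) at <incomplete> on br0
? (192.0.2.9) at * PERM PUP on br0
? (198.51.100.254) at 00:00:5E:00:53:02 [ether] on eth0'

# Read `arp -na` lines on stdin, print "<ip> <iface> <state>" per entry.
#   incomplete : request sent, no reply received (no MAC is known)
#   published  : entry carries the PUP flag (answered on behalf of another host)
#   resolved   : a hardware address has been learned or set
classify_arp() {
    awk '
    $3 == "at" {
        ip = $2
        gsub(/[()]/, "", ip)          # strip the parentheses around the address
        iface = $NF                   # interface is always the last field
        if ($4 == "<incomplete>")
            state = "incomplete"
        else if ($0 ~ /(^| )PUP( |$)/)
            state = "published"
        else
            state = "resolved"
        print ip, iface, state
    }'
}

# Print only the addresses in one state, e.g. `hosts_in_state incomplete`.
hosts_in_state() {
    classify_arp | awk -v want="$1" '$3 == want { print $1 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | classify_arp
```

On a live system the same filter can be fed directly: `arp -na | hosts_in_state incomplete`.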
> -----Original Message-----
> From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Andrew Suffield
> Sent: Tuesday, September 11, 2007 10:15 AM
> To: shorewall-users@lists.sourceforge.net
> Subject: Re: [Shorewall-users] Delete an ARP entry
>
> On Tue, Sep 11, 2007 at 09:53:42AM -0700, List Receiver wrote:
> > > > On my Shorewall boxes, I'm seeing stale arp entries like this:
> > > >
> > > > (172.16.0.2) at <incomplete> on eth2.14
> > > >
> > > > Windows can flush the arp cache entirely quite easily, but I haven't yet found a command in Linux that will do this. Any gurus out there know how to do this easily?
> > >
> > > arp -d 172.16.0.2
> >
> > When listed as "incomplete", that command gives me an error of "no such host" or similar.
>
> That's not a stale arp entry. That's just the kernel noting that it has sent out an arp request and never received a response, so it won't send another before the retransmission interval has elapsed. It's not an entry in the arp cache. Removing it will not solve your problem, whatever it is.
>

Got it...that makes more sense.