[Rack] robot IP address still not working

Jonathan Lassoff jof at thejof.com
Wed May 9 19:58:45 PDT 2012


On Wed, May 9, 2012 at 7:48 PM, Jonathan Lassoff <jof at thejof.com> wrote:

> It's the oddest thing with bikeshed...
>
> I'm trying to do some DNAT for traffic coming inbound, and I can see the
> traffic when I pcap the interface, but if I add a logging statement in
> raw/PREROUTING matching on just the external destination IP and having it
> LOG... it never logs from a remote source.
>
> However, it works from another external IP in the same external LAN
> (minotaur -> MC Hawking external IP).
>
>
> The only thing I can think of as blocking this from getting from there to
> there is ebtables filtering, but there's no ebtables binary available.
> Maybe something else is setting stuff in there with its own binary
> support for the right netlink messages.
>
> Any ideas?
>

Actually, I may have figured it out. Sonic.net seems to have somehow
learned the address 52:54:00:2a:80:90 for 75.101.62.93:

02:52:27.348405 00:22:be:3c:d6:44 > 52:54:00:2a:80:90, ethertype IPv4
(0x0800), length 78: REMOTE_IP_SCRUBBED.PORT > 75.101.62.93.22: Flags [S],
seq xxxxxxxxxx, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val
30107305 ecr 0,sackOK,eol], length 0

But locally, hosts are learning the right MAC:

.-(~)--------------------------------------------------------------------------------------------------(jof at minotaur)-
`--> sudo arping -I eth0 75.101.62.93
ARPING 75.101.62.93 from 75.101.62.92 eth0
Unicast reply from 75.101.62.93 [00:00:24:C8:DF:FE]  0.835ms
Unicast reply from 75.101.62.93 [00:00:24:C8:DF:FE]  0.832ms
^CSent 2 probes (1 broadcast(s))
Received 2 response(s)

root at bikeshed:~# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:00:24:c8:df:fe
          inet addr:75.101.62.88  Bcast:75.101.62.255  Mask:255.255.255.0
          inet6 addr: fe80::200:24ff:fec8:dffe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:115779121 errors:0 dropped:16042396 overruns:0 frame:0
          TX packets:71834438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3468915913 (3.2 GiB)  TX bytes:4157264755 (3.8 GiB)
          Interrupt:9 Base address:0xe300


Let's see if they accept gratuitous ARPs.
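
The comparison made in this message (the destination MAC on inbound frames versus the MAC that actually owns 75.101.62.93), as an added example that is not part of the original post: a shell function that reads `tcpdump -e -n` text and counts frames for the address that arrive with any other destination MAC. The function names, the constructed sample capture, the 198.51.100.7 source and the 02:00:00:00:00:01 MAC are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): count inbound frames for one IPv4
# address whose Ethernet destination is not the MAC that owns the address.
# stdin: `tcpdump -e -n` text. stdout: "<dst-mac> <frames>" per unexpected MAC.
wrong_dst_macs() {
    ip=$1      # address the upstream router should resolve
    want=$2    # MAC that really owns it (from ifconfig / arping)
    awk -v ip="$ip" -v want="$want" '
        BEGIN { want = tolower(want) }
        $3 == ">" && $5 == "ethertype" && $6 == "IPv4" {
            mac = tolower($4); sub(/,$/, "", mac)
            dst = $12; sub(/:$/, "", dst)
            # Accept "a.b.c.d" (no port, e.g. ICMP) or "a.b.c.d.port".
            if (dst != ip) {
                if (index(dst, ip ".") != 1) next
                if (substr(dst, length(ip) + 2) !~ /^[0-9]+$/) next
            }
            if (mac == want || mac == "ff:ff:ff:ff:ff:ff") next
            seen[mac]++
        }
        END { for (m in seen) print m, seen[m] }
    ' | sort
}

# Constructed capture: two remote frames sent to the stale MAC, one LAN frame
# sent to the correct MAC, one frame for a different address, one ARP request.
sample_capture() {
    cat <<'EOF'
02:52:27.348405 00:22:be:3c:d6:44 > 52:54:00:2a:80:90, ethertype IPv4 (0x0800), length 78: 198.51.100.7.51515 > 75.101.62.93.22: Flags [S], seq 1, win 65535, length 0
02:52:29.100000 00:22:be:3c:d6:44 > 52:54:00:2a:80:90, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 75.101.62.93: ICMP echo request, id 1, seq 1, length 64
02:52:30.000000 02:00:00:00:00:01 > 00:00:24:c8:df:fe, ethertype IPv4 (0x0800), length 74: 75.101.62.92.40000 > 75.101.62.93.22: Flags [S], seq 2, win 29200, length 0
02:52:31.000000 00:22:be:3c:d6:44 > 00:00:24:c8:df:fe, ethertype IPv4 (0x0800), length 74: 198.51.100.7.51516 > 75.101.62.88.22: Flags [S], seq 3, win 65535, length 0
02:52:32.000000 00:22:be:3c:d6:44 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 75.101.62.93 tell 75.101.62.1, length 46
EOF
}

sample_capture | wrong_dst_macs 75.101.62.93 00:00:24:C8:DF:FE
```

On a live interface, feed it a bounded capture such as `tcpdump -e -n -c 200 -i eth2 dst host 75.101.62.93`; any MAC it prints is one the sender has learned for the address in place of the real one.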