Сервак приходиться ребутить...проблема с arp ><

[helloworld]

В /var/log/messages
такая херня:

Код: Выделить всё

# tail -n 40 messages
May 15 10:49:21 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 10:49:26 war kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:1d:60:56:e7:07 on rl0
May 15 10:49:30 war kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:1d:60:56:e7:07 on rl0
May 15 10:49:30 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 10:49:34 war kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:1d:60:56:e7:07 on rl0
May 15 10:49:50 war last message repeated 3 times
May 15 10:49:52 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 10:49:56 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 10:49:59 war kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:1d:60:56:e7:07 on rl0
May 15 10:50:00 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 10:50:03 war kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:1d:60:56:e7:07 on rl0

Что это ? Вирусы с виндового 192.168.1.11 ??

rl0 - внешний интерфейс с реальным ip адресом x.x.x.x
xl0 - внутренний интерфейс с ip адресом 192.168.1.1

# uname -r
5.5-RELEASE-p20

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[hizel]

такое ощущение что у вас оба интерфеса смотрят в одну сетку

[helloworld]

не может быть такого
локальная сеть - 192.168.1.0/24
внешний интерфейс имеет статичный ip адрес

[hizel]

ню

Код: Выделить всё

May 15 10:49:30 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0

расшифровка 1.11 в xl0 однако ответ с этого адреса приходит с rl0
получается один эзернет сегмент
у вас там может if_bridge какой поднят? :\

[helloworld]

да ничего сверхъестественного, сеть 1.0/24 за натом, сервер --> инет
сейчас забанил все что идет с 10,11,13 машин на внутр xl0

Код: Выделить всё

May 15 13:31:59 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 13:32:07 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 13:32:07 war kernel: arp: 192.168.1.13 is on xl0 but got reply from 00:40:f4:6d:d2:52 on rl0
May 15 13:40:26 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 13:41:32 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 13:42:27 war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0
May 15 13:44:10 war kernel: arp: 192.168.1.13 is on xl0 but got reply from 00:40:f4:6d:d2:52 on rl0
May 15 13:46:10 war kernel: arp: 192.168.1.13 is on xl0 but got reply from 00:40:f4:6d:d2:52 on rl0
May 15 13:47:29 war kernel: arp: 192.168.1.10 is on xl0 but got reply from 00:11:2f:68:c0:86 on rl0

[hizel]

ifconfig
netstat -rn
ээ
arp -an
дай

явно видно что у тебя обе сетевушки в одном эзернет сегменте

[LMik]

свитч и вланы?

[helloworld]

свичи обычные за 600 р
вланов нет

Код: Выделить всё

# ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 89.186.245.97 netmask 0xfffffe00 broadcast 89.186.245.255
        ether 00:0e:a6:47:8f:23
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:60:98:ef:c3:9c
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Код: Выделить всё

r# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            89.186.244.24      UGS         0  2198619    rl0
89.186.244/23      link#1             UC          0        0    rl0
89.186.244.2       00:12:a9:0a:22:a0  UHLW        1        0    rl0   1110
89.186.244.4       00:0e:6a:d2:84:c0  UHLW        1        0    rl0   1200
89.186.244.18      00:04:23:d3:a6:f6  UHLW        1    45431    rl0   1189
89.186.244.24      00:04:23:d5:9a:d6  UHLW        2        0    rl0   1199
89.186.244.40      00:0e:6a:d2:74:60  UHLW        1        0    rl0   1009
89.186.244.53      00:0e:6a:d2:94:c0  UHLW        1        0    rl0   1200
89.186.245.27      00:80:48:28:80:5b  UHLW        1     9170    rl0   1199
89.186.245.42      00:02:55:30:c6:ea  UHLW        1     2848    rl0   1190
89.186.245.72      00:0e:a6:d0:05:cc  UHLW        1        0    rl0   1048
127.0.0.1          127.0.0.1          UH          0    16253    lo0
192.168.1          link#2             UC          0        0    xl0
192.168.1.99       00:13:d4:73:3f:43  UHLW        1      660    xl0    917
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1      276    xl0

Код: Выделить всё

# arp -an
? (89.186.244.2) at 00:12:a9:0a:22:a0 on rl0 [ethernet]
? (89.186.244.4) at 00:0e:6a:d2:84:c0 on rl0 [ethernet]
? (89.186.244.18) at 00:04:23:d3:a6:f6 on rl0 [ethernet]
? (89.186.244.24) at 00:04:23:d5:9a:d6 on rl0 [ethernet]
? (89.186.244.40) at 00:0e:6a:d2:74:60 on rl0 [ethernet]
? (89.186.244.53) at 00:0e:6a:d2:94:c0 on rl0 [ethernet]
? (89.186.245.27) at 00:80:48:28:80:5b on rl0 [ethernet]
? (89.186.245.42) at 00:02:55:30:c6:ea on rl0 [ethernet]
? (89.186.245.72) at 00:0e:a6:d0:05:cc on rl0 [ethernet]
? (192.168.1.99) at 00:13:d4:73:3f:43 on xl0 [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on xl0 permanent [ethernet]

dns - 89.186.244.18
gateway - 89.186.244.24

как только забанил ip 10,11,13 - проблем нет, логи пустые.

[helloworld]

So, problem is not fixed, any ideas ?

Код: Выделить всё

# arp -an
? (89.186.244.2) at 00:12:a9:0a:22:a0 on rl0 [ethernet]
? (89.186.244.4) at 00:0e:6a:d2:84:c0 on rl0 [ethernet]
? (89.186.244.18) at 00:04:23:d3:a6:f6 on rl0 [ethernet]
? (89.186.244.24) at 00:04:23:d5:9a:d6 on rl0 [ethernet]
? (89.186.244.33) at (incomplete) on rl0 [ethernet]
? (89.186.244.40) at 00:0e:6a:d2:74:60 on rl0 [ethernet]
? (89.186.244.52) at 00:0e:6a:d2:a8:60 on rl0 [ethernet]
? (89.186.244.53) at 00:0e:6a:d2:94:c0 on rl0 [ethernet]
? (89.186.244.62) at (incomplete) on rl0 [ethernet]
? (89.186.244.193) at 00:11:85:c5:b9:c1 on rl0 [ethernet]
? (89.186.244.221) at 00:e0:4d:02:12:e8 on rl0 [ethernet]
? (89.186.245.42) at 00:02:55:30:c6:ea on rl0 [ethernet]
? (89.186.245.72) at 00:0e:a6:d0:05:cc on rl0 [ethernet]
? (192.168.1.1) at 00:60:98:ef:c3:9c on xl0 permanent [ethernet]
? (192.168.1.8) at 00:11:11:99:3d:46 on xl0 [ethernet]
? (192.168.1.10) at 00:0e:a6:4b:d3:08 on xl0 [ethernet]
? (192.168.1.11) at 00:0c:6e:8f:ec:69 on xl0 [ethernet]
? (192.168.1.13) at 00:c0:df:0a:da:a3 on xl0 [ethernet]
? (192.168.1.20) at 00:0e:a6:4b:d2:dd on xl0 [ethernet]
? (192.168.1.21) at 00:1a:4d:f7:b5:ad on xl0 [ethernet]
? (192.168.1.22) at 00:0d:61:21:bc:2b on xl0 [ethernet]
? (192.168.1.30) at 00:15:58:44:3a:56 on xl0 [ethernet]
? (192.168.1.32) at 00:11:11:bc:46:d3 on xl0 [ethernet]
? (192.168.1.40) at 00:0c:6e:8f:ec:94 on xl0 [ethernet]
? (192.168.1.41) at 00:0c:6e:8f:ec:71 on xl0 [ethernet]
? (192.168.1.43) at 00:0c:6e:8f:ec:06 on xl0 [ethernet]
? (192.168.1.44) at 00:04:61:48:32:ed on xl0 [ethernet]
? (192.168.1.50) at 00:c0:9f:55:08:68 on xl0 [ethernet]
? (192.168.1.51) at 00:04:61:50:9f:d6 on xl0 [ethernet]
? (192.168.1.52) at 00:05:1c:01:75:04 on xl0 [ethernet]
? (192.168.1.61) at 00:0a:48:04:f1:c7 on xl0 [ethernet]
? (192.168.1.99) at 00:13:d4:73:3f:43 on xl0 [ethernet]
? (192.168.1.101) at 00:0f:ea:21:f6:6f on xl0 [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on xl0 permanent [ethernet]

Код: Выделить всё

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            89.186.244.24      UGS         0  1089929    rl0
89.186.244/23      link#1             UC          0        0    rl0
89.186.244.2       00:12:a9:0a:22:a0  UHLW        1        0    rl0   1104
89.186.244.4       00:0e:6a:d2:84:c0  UHLW        1        0    rl0   1199
89.186.244.18      00:04:23:d3:a6:f6  UHLW        1    23057    rl0   1196
89.186.244.24      00:04:23:d5:9a:d6  UHLW        2        0    rl0   1200
89.186.244.33      link#1             UHRLW       1       26    rl0      3
89.186.244.40      00:0e:6a:d2:74:60  UHLW        1        0    rl0   1005
89.186.244.52      00:0e:6a:d2:a8:60  UHLW        1        0    rl0   1199
89.186.244.53      00:0e:6a:d2:94:c0  UHLW        1        0    rl0   1198
89.186.244.62      link#1             UHLW        1       11    rl0
89.186.244.193     00:11:85:c5:b9:c1  UHLW        1       64    rl0   1053
89.186.244.221     00:e0:4d:02:12:e8  UHLW        1        0    rl0    366
89.186.245.42      00:02:55:30:c6:ea  UHLW        1      151    rl0   1200
89.186.245.72      00:0e:a6:d0:05:cc  UHLW        1        0    rl0    890
127.0.0.1          127.0.0.1          UH          0     8006    lo0
192.168.1          link#2             UC          0        0    xl0
192.168.1.1        00:60:98:ef:c3:9c  UHLW        1        2    lo0
192.168.1.8        00:11:11:99:3d:46  UHLW        1    11566    xl0    561
192.168.1.10       00:0e:a6:4b:d3:08  UHLW        1     1902    xl0    270
192.168.1.11       00:0c:6e:8f:ec:69  UHLW        1    19560    xl0    726
192.168.1.13       00:c0:df:0a:da:a3  UHLW        1    64310    xl0    804
192.168.1.20       00:0e:a6:4b:d2:dd  UHLW        1       44    xl0    103
192.168.1.21       00:1a:4d:f7:b5:ad  UHLW        1   173602    xl0    162
192.168.1.22       00:0d:61:21:bc:2b  UHLW        1      126    xl0    805
192.168.1.30       00:15:58:44:3a:56  UHLW        1    52392    xl0    138
192.168.1.32       00:11:11:bc:46:d3  UHLW        1     8268    xl0    945
192.168.1.40       00:0c:6e:8f:ec:94  UHLW        1     3336    xl0   1100
192.168.1.41       00:0c:6e:8f:ec:71  UHLW        1     9422    xl0     60
192.168.1.43       00:0c:6e:8f:ec:06  UHLW        1    24262    xl0    805
192.168.1.44       00:04:61:48:32:ed  UHLW        1   308106    xl0    738
192.168.1.50       00:c0:9f:55:08:68  UHLW        1    12766    xl0   1064
192.168.1.51       00:04:61:50:9f:d6  UHLW        1    13532    xl0    871
192.168.1.52       00:05:1c:01:75:04  UHLW        1    25826    xl0    538
192.168.1.61       00:0a:48:04:f1:c7  UHLW        1        8    xl0    174
192.168.1.99       00:13:d4:73:3f:43  UHLW        1      234    xl0   1182
192.168.1.101      00:0f:ea:21:f6:6f  UHLW        1   264556    xl0    738
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1      214    xl0

[hizel]

да идея все таже, кастую петлю в эзернете

[dikens3]

да идея все таже, кастую петлю в эзернете

+1
У него наверное там вместо свича ХАБ стоит.

[keli]

у нас была такая ерунда - когда пров в нашу сторону пустил свою внутр сетку с такими же ипами (192.168.0 )

[uHk]

Код: Выделить всё

war kernel: arp: 192.168.1.11 is on xl0 but got reply from 00:13:d4:f6:09:d7 on rl0

из этого следует, что адрес 1.11 присутствует на обоих интерхейсах с разными MAC, и не обязательно, что оба интерфейса смотрят в одну сеть.
тут вот как : у прова есть своя сеть, и в ней присутствует 1.11.
лечится это отключением arp на интерфейсе прова

Код: Выделить всё

ifconfig_rl0 inet ххх.ххх.ххх.ххх mask xxx.xxx.xxx.xxx -arp