Re: Moved MAC addresses
"M.Atıf CEYLAN" <mehmet@atifceylan.com> writes:
> Hi,
> I have two debian servers. They have two interfaces on each server.
> For example,
> server1:
> eth0 e8:b7:48:7b:35:f6 10.10.10.2
> eth1 is e8:b7:48:7b:35:f7 172.16.1.2
>
> There is a pfsense firewall on frontend. PF syslogs contain below lines;
>
> kernel: arp: 10.10.10.2 moved from e8:b7:48:7b:35:f6 on em1
> kernel: arp: 10.10.10.2 moved from e8:b7:48:7b:35:f7 on em1
>
> I look at ifconfig output on my debian servers but don't see any ip conflict
> or there is any same ip address on the network.
> Also changed mac addresses are on the same machine.
You haven't said a lot about your topology; are both interfaces visible
to the firewall through whatever series of switches you might have?
Actually, that pretty much has to be the case, otherwise your firewall
couldn't see both MAC addresses.
I'll hazard a guess that you're seeing an artifact of the fact that
Linux assigns an IP address to the host, not the interface (in spite of
what ifconfig says), so if a packet comes to 10.10.10.2 then either
interface will happily respond to it. See:
https://www.ibm.com/developerworks/community/blogs/tclaret/entry/linux_considers_an_ip_address_as_belonging_to_a_host_rather_than_an_interface?lang=en
I do find myself curious about just how your network is wired up...
Reply to: