Re: [squid-users] Network problems, ARP related

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 10 Jun 2009 17:15:57 -0800

giobuon_at_gmail.com wrote:
> Hi list,
> I have a question, not really about squid, but I think someone may have
> solved it before, so I am posting it here in the hope of getting the
> solution. I'm sorry if it bothers you.
> I am trying to install a squid box based on the newest Debian amd64 to
> become a transparent proxy. I have two NICs on the box. Both of them and
> the rest of the LAN + router connect to the same switch. The topo is:
>        NIC 1 ---------- Sw ---------- LAN
> SQUID                   it
>        NIC 2 ---------- ch ---------- Router ---------- Internet
>
> NIC1 and NIC 2 on different subnet. (NIC 1 on LAN subnet, NIC 2 on
> router subnet)
>
> The problem is: when I send an ARP request from one host in the LAN to
> NIC 1 I always get the MAC address of NIC 2. Wireshark made it clearer:
> both NICs respond to the request with their own MAC address.

You have two choices. One, just connect one network cable from your
Squid box to your switch. As you've noticed, both NICs will respond to
ARP requests for any IP addresses assigned on the box.

The other option is adding the following lines to /etc/sysctl.conf (from
http://www.ultramonkey.org/3/topologies/sl-ha-lb-eg.html)...

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 1

...assuming NIC 2 is configured as eth1. This should prevent eth1 from
answering ARP requests for IP addresses that are not assigned to it.

> And I have some stranger problems: some hosts on the LAN get disconnected
> from the Web (still ping, still ssh... but no web, maybe it is a squid
> misconfiguration, I'm not sure) for a while.

Fix the ARP problem, see if that solves the other issues.

> /var/log/messages is full of
> log entries on any ARP broadcast from the LAN. I tried Google and guess it
> is something people call ARP flux, but I'm unsure.
> Have you got any idea about that?
> Thanks for any help.
> -giobuon
>

Chris
Received on Thu Jun 11 2009 - 01:16:16 MDT
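
Added example, not part of the original thread: a small shell audit for the setting discussed in the reply. It reads arp_ignore from /proc/sys/net/ipv4/conf and lists interfaces whose effective value is still 0 (the kernel uses the higher of the "all" and per-interface values); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list interfaces that will still answer
# ARP for addresses configured on other interfaces ("ARP flux").
# The kernel applies max(conf/all, conf/<iface>) to requests arriving on <iface>.

# effective_arp_ignore CONFDIR IFACE -> prints the value the kernel would use
effective_arp_ignore() {
    all=$(cat "$1/all/arp_ignore" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/arp_ignore" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# arp_flux_candidates [CONFDIR] -> space-separated interfaces with effective value 0
arp_flux_candidates() {
    confdir=${1:-/proc/sys/net/ipv4/conf}
    found=""
    for d in "$confdir"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default|lo) continue ;; esac
        if [ "$(effective_arp_ignore "$confdir" "$iface")" -eq 0 ]; then
            found="$found$iface "
        fi
    done
    echo "${found% }"
}

# make_sample_conf DIR ALL ETH0 ETH1 -> constructed tree shaped like /proc/sys/net/ipv4/conf
make_sample_conf() {
    for i in all default lo eth0 eth1; do mkdir -p "$1/$i"; echo 0 > "$1/$i/arp_ignore"; done
    echo "$2" > "$1/all/arp_ignore"
    echo "$3" > "$1/eth0/arp_ignore"
    echo "$4" > "$1/eth1/arp_ignore"
}

# Demo on constructed data: kernel defaults, then the two sysctl lines from the reply.
tmp=$(mktemp -d)
make_sample_conf "$tmp/before" 0 0 0
make_sample_conf "$tmp/after" 1 0 1
echo "defaults:      $(arp_flux_candidates "$tmp/before")"
echo "with settings: $(arp_flux_candidates "$tmp/after")"
rm -rf "$tmp"
```

On a live host, calling arp_flux_candidates with no argument checks the running kernel's values, which is a quick way to confirm the sysctl.conf change was actually loaded.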
