[Gllug] Routing question

Bruce Richardson itsbruce at uklinux.net
Thu Apr 14 19:38:04 UTC 2005


On Thu, Apr 14, 2005 at 04:40:45PM +0100, Tom wrote:
> 
> I've tried using arp_ignore, setting it to 3, but the poor local
> computer that has the same ip address as the remote end of the tunnel's
> ppp interface still gets shafted as soon as it tries to access a network
> share.
> 
> Is this to do with Windows networking? Because arp_ignore definitely
> controls whether or not I can ping the ppp interface's two ip addresses.

It is possible that the box doing ppp is announcing its newly acquired
address to the local subnet when it acquires it.  You might be able to
block this using the arp_announce setting, but I have a feeling that
your ill-advisedly overlapping subnet is going to stop that.  You can
probably block it with an arptables rule, but you will still have a
problem with communicationd between the ppp box and the local box.

Your real problem is this mad one-big-subnet thing.  It's a real abuse
of ip.  If you must treat your multple vpn-linked locations as one big
segment, at least avoid duplicate addresses.

Could be worse.  I know of one big multinational that has linked all of
its multiple networks so that they are one big layer 2 network.  If a
packet storm starts in one location, they have to ring round the network
admins in other countries so that they can start pulling out cables.

-- 
Bruce

Hummingbirds are the only birds that can fly backwards, apart from
ostriches if you punch them hard enough.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20050414/7407c1bb/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list