[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Bill Dempsey <dempseyb at davishealthsystem dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question Concerning logs
 Date:  Thu, 3 Mar 2005 16:08:40 -0500
On Thu, 3 Mar 2005 08:26:01 -0500, Bill Dempsey
<dempseyb at davishealthsystem dot org> wrote:
> I'm logging the following in the system log of M0n0wall.
> 
> The IP in question is a RedHat linux box.
> 
> My Question is, what causes this - I assume it's probably a problem with
> multiple nics in the box.  Any one know how to fix it?
> 
> Mar 3 08:01:21   /kernel: arp: 10.1.30.11 moved from 00:0f:1f:6a:01:c3
> to 00:04:23:ab:81:44 on xl1
> Mar 3 08:01:21   /kernel: arp: 10.1.30.11 moved from 00:04:23:ab:81:44
> to 00:0f:1f:6a:01:c3 on xl1

That log indicates exactly what it shows.  The RH box is using
alternating NIC's to access the internet for some reason.  BSD logs
ARP changes like that because it can be a sign of ARP mischief.

Possibly some sort of failover on the same IP between the two NIC's? 
I've seen messages like that in various failover setups that aren't
operating properly (or are failing over for legit reasons).

A forum/list with more Red Hat knowledge available might provide more
helpful info than we can on this one.

-Chris