On Tue, 3 Aug 2004, Giuseppe Vacanti wrote:

> John Auld said:
> > If the m0n0wall does respond, do you have stale arp entries on the host where
> > you run ping? Try arp -a and look for out of date arp entries. Try deleting
> > the old arp entries if they are present.
>
> Thanks John, that must have been it. Although the system I was pinging
> from does not seem to have any cached arp for my m0n0wall (it is not on

Are you saying that you were pinging from a machine with no ARP entry for the target IP and still got a response? That would be *very* strange. ARP alone isn't enough to get a response from the m0n0wall - it still needs to recognize the IP in some fashion. A stale ARP entry would only get the packet *to* the m0n0wall; it wouldn't make it use it. Perhaps you have outdated NAT entries in the m0n0wall (in the system if not in the GUI).

> the same physical network segment), there must be some other cache in the
> network in my building (my subnet is controlled by a switch I have no
> direct control over). In fact after a few hours m0n0wall stopped
> responding to the wrong IP addresses. I'll have to take the issue up with
> the people controlling that switch. Thanks for the help.

The "few hours" sounds plausible for a NAT entry timeout for something without a well-defined "close connection" exchange (i.e. almost anything but TCP).

BTW, the switch has nothing to do with ARP per se, unless it's a really sophisticated switch. A run-of-the-mill switch simply tracks which MAC addresses lie on which ports, and doesn't care about IP, ARP, or whatever. But any *machine* on the switch would probably be caching ARP entries.

Fred Wright
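The "check arp -a for out of date entries" step discussed above, turned into a small diagnostic. This is an added example and not code from the thread or from the m0n0wall project: it compares the MAC your local ARP cache holds for an IP against the MAC you expect that host to have, and reports whether the entry is good, stale (wrong MAC) or absent/incomplete. The `arp -a` sample below is constructed; the field positions it relies on (IP in parentheses as field 2, MAC as field 4) are the same in the BSD/macOS and Linux `arp -a` formats, and an incomplete entry is rejected because `(incomplete)` / `<incomplete>` is not a MAC.

```shell
#!/bin/sh
# Constructed sample of `arp -a` output (BSD/macOS style); not from the thread.
# One good entry, one entry we will treat as stale, one incomplete entry.
SAMPLE_ARP='gateway (192.168.1.1) at 00:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.50) at 00:11:22:33:44:aa on en0 ifscope [ethernet]
? (192.168.1.51) at (incomplete) on en0 ifscope [ethernet]'

# arp_mac_for IP: print the MAC the ARP cache holds for IP, or nothing if the
# entry is missing or incomplete. Reads ARP_OUTPUT if set, else the sample.
arp_mac_for() {
    printf '%s\n' "${ARP_OUTPUT:-$SAMPLE_ARP}" |
        awk -v ip="($1)" '$2 == ip && $4 ~ /^[0-9a-fA-F:]+$/ { print $4; exit }'
}

# check_arp IP EXPECTED_MAC: prints "ok", "stale" or "missing".
# "stale" is the case John describes: the cache still points at an old MAC,
# so pings reach whatever box now answers for that MAC instead of the host
# you think you are testing. The usual remedy is `arp -d IP` to drop it.
check_arp() {
    mac=$(arp_mac_for "$1")
    if [ -z "$mac" ]; then
        echo missing
    elif [ "$mac" = "$2" ]; then
        echo ok
    else
        echo stale
    fi
}

# Stand-alone run against the constructed sample.
check_arp 192.168.1.50 00:11:22:33:44:aa
check_arp 192.168.1.50 00:11:22:33:44:bb
check_arp 192.168.1.51 00:11:22:33:44:cc
```

To run it against the live cache instead of the sample, set `ARP_OUTPUT="$(arp -a)"` in the environment before calling `check_arp`. Note that a clean local cache only rules out this host's ARP table; as Fred points out, a plain switch forwards by MAC and keeps no ARP cache, so the next thing to check is state on the m0n0wall itself (NAT entries) rather than the switch.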