On Tue, 3 Aug 2004, Giuseppe Vacanti wrote:
> John Auld said:
> > If the m0n0wall does respond, do you have stale arp entries on the host where
> > you run ping? Try arp -a and look for out of date arp entries. Try deleting
> > the old arp entries if they are present.
> Thanks John, that must have been it. Although the system I was pinging
> from does not seem to have any cached arp for my m0n0wall (it is not on
Are you saying that you were pinging from a machine with no ARP entry for
the target IP and still got a response? That would be *very* strange.
ARP alone isn't enough to get a response from the m0n0wall - it still
needs to recognize the IP in some fashion. A stale ARP entry would only
get the packet *to* the m0n0wall; it wouldn't make it use it.
Perhaps you have outdated NAT entries in the m0n0wall (in the system if
not in the GUI).
> the same physical network segment), there must be some other cache in the
> network in my building (my subnet is controlled by a switch I have no
> direct control over). In fact after a few hours m0n0wall stopped
> responding to the wrong IP addresses. I'll have to take the issue up with
> the people controlling that switch. Thanks for the help.
The "few hours" sounds plausible for a NAT entry timeout for something
without a well-defined "close connection" exchange (i.e. almost anything
BTW, the switch has nothing to do with ARP per se, unless it's a really
sophisticated switch. A run-of-the-mill switch simply tracks which MAC
addresses lie on which ports, and doesn't care about IP, ARP, or whatever.
But any *machine* on the switch would probably be caching ARP entries.
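The distinction drawn in this thread (a stale ARP entry on the pinging host can only matter when the target is on the same segment; otherwise the frame goes to the gateway and some other cache or NAT state must be involved) can be turned into a small triage helper. This is an added example, not code from the thread or from m0n0wall; the `arp -a` output and the local subnet list are constructed samples.

```python
import ipaddress
import re

# Constructed sample in the shape `arp -a` prints on Linux and BSD-like hosts
# (not captured from the original thread).
SAMPLE_ARP_A = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
gw.example.test (10.0.0.254) at 0:d:e:f:1:2 on en0 ifscope [ethernet]
"""

# Constructed local interface subnets; on a real host take them from
# `ip addr` / `ifconfig` output.
LOCAL_SUBNETS = ["192.168.1.0/24"]

# Matches "(ip) at mac" in both Linux and BSD formats.
ARP_LINE = re.compile(r"\((?P<ip>[0-9.]+)\)\s+at\s+(?P<mac>\S+)")


def parse_arp(output):
    """Return {ip: mac} from `arp -a` text; incomplete entries map to None."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        mac = m.group("mac")
        table[m.group("ip")] = None if mac.startswith("<") else mac.lower()
    return table


def explain_reply(target_ip, arp_output, local_subnets):
    """Classify how a ping reply from target_ip could be reaching this host.

    'off-segment'        -> target is not on a local subnet; this host's ARP
                            cache is irrelevant, look at the gateway/NAT state.
    'local-arp-cached'   -> a cached MAC here could be carrying the frame.
    'local-arp-missing'  -> on-segment but no usable entry; the reply is not
                            explained by a stale entry on this host.
    """
    target = ipaddress.ip_address(target_ip)
    if not any(target in ipaddress.ip_network(n) for n in local_subnets):
        return "off-segment"
    mac = parse_arp(arp_output).get(target_ip)
    return "local-arp-cached" if mac else "local-arp-missing"
```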