PING: Linux doesn't respond to ARP broadcast

PING: Linux doesn't respond to ARP broadcast

Post by James Youngm » Tue, 22 Apr 1997 04:00:00


>I am trying to set up a testbed system for McAfee's Webshield product
>(scans in/outgoing Internet stream for viruses) which uses Linux as it's
>OS.  I'm using the 1.0 version of the product with a patch provided by
>McAfee to make it recognize our SMC Etherpower cards (w/DEC 21041 chip).

>You normally stick this product in-between your firewall and internal
>router, but for testing I just hooked both NICs onto our external Ethernet
>line (10Base2 [Thin net]). You are supposed to be able to manage the
>Webshield product via http or telnet, so I wanted to see if I am able to
>do so before I set up down-time on our Internet connection to insert this

Just get each interface going one at a time.

Quote:>The problem is that I'm not able to http/telnet to the Webshield system,
>or even ping it.  However, I *am* able to ping out from the Webshield

Do you get replies?

Quote:>On the same segment as the Webshield server is our Web server.  I
>can ping the Web server from the Webshield server but cannot ping
>the Webshield server from the Web server.

What does "netstat -i -n; netstat -r -n" on the  WS box say?

Quote:>I put a General Networks Sniffer
>on the line and when looking for broadcasts to/from the Web server's MAC
>address, I can see the Web server sending out ARP requests looking for the
>Webshield TCP/IP address, but the Webshield machine never responds to the
>ARP requests.

Hmm, does it know that's its address?   Is the interface up?

Quote:>Talking to McAfee they told me I have to be using cross-over cables.  I
>told them we were using 10Base2 and shouldn't need cross-over cables.

Ha ha.  Morons!

>then said their product won't work with 10Base2 (BNC connector). I don't
>think that's quite right. This seems to be more of a Linux problem than a
>Webshield problem.

They're probably being stupid unless these patches you are using for those
network cards don't support 10base2.

Quote:>I used the setup program that comes with the SMC Etherpower cards to force
>the cards to use the BNC connector, and forced the IRQ's to 10 and 11. One
>card (eth1) doesn't get a TCP/IP address as it will just be a passthrough
>from the outside.  

bzzt?   Is the webshield not functioning as an application gateway then?

Quote:>The version of Linux Webshield is running is 1.2.  I wouldn't think it is
>necessary to upgrade the Linux in this case, and at any rate I don't want
>to as this product was purchased as a stand-alone Internet virus scanner.
>We haven't paid for the product yet (demo copy)


Quote:>but we did sink the money
>into the hardware (DEC 5166 Prioris, 64 Megs RAM, a couple SCSI hard
>drives, etc..).

This seems enormously overpowered to me, is that the hardware they reccomended?

Quote:>I'm not a Linux guru and don't want to be at this point in
>time, but I feel I'm so close to getting this product working I'm willing
>to pursue it (I feel my reputation as a computer professional is on the
>line if I can't make it work).

Remember, it's their product.   There is nothing special about your network.

Quote:>Reading back through the newsgroup messages I tried such things as
>cat /proc/ksyms | grep ip_forward and
>cat /proc/net/arp
>and got nothing. It's almost as if Linux doesn't recognize it's own TCP/IP

netstat -i -n ?

Quote:>and thus doesn't respond to ARP requests (then again, how could
>Linux receive the responses to its ping if it couldn't recognize its own
>IP address?).

arp -a ?

Quote:>Since the Web server and Webshield machines are on the same
>LAN segment, the router shouldn't be involved.  Incidently, we are using a
>sub-netted segment and I do have the correct subnet mask, broadcast
>address, etc.. set on the Webshield machine.  I set the Webshield portion
>up so anyone could http or telnet to it, not just the trusted host (and it
>doesn't work from the trusted host either).

ifconfig -a on the WebShield and the firewall?

James Youngman       VG Gas Analysis Systems  The trouble with the rat-race
Before sending advertising material, read     is, even if you win, you're         still a rat.


1. Linux-to-Win98: ARP works; ping doesn't

Hi everyone,

I am trying to network my Linux and Win98 boxes.

Have two ISA 3Com 3c509 Ethernet cards, with a hub in
between.  Have TCP/IP configured for both boxes.

When I try to ping one box from the other, I don't get
any response, although I see the packet light flicker on the

When I do an arp -a on my Linux box, it correctly identifies
the IP address and Ethernet address of the host I am trying
to ping.

Also, ifconfig on my Linux box shows that I am receiving the
ping packets from my Win98 box.  But Win98 reports that the response
times out.

Any suggestions for troubleshooting or things I am missing?
Do I need to have RARP enabled?  IP forwarding?  
Many, many thanks in advance!
James V. Reagan
Java & OOA/D Consulting, Mentoring, and Development

2. hang at "finding module dependencies"

3. sun doesn't respond to arp request.

4. Odd problems with Linux <-> Novalink (Mac) telnet

5. Proxy ARP grief, just can't get box to respond to ARP request

6. Making a bootdisk with lilo

7. broadcast ping doesn't work

8. Managing Modem under SCO Unix

9. Broadcast ping doesn't work?

10. Ping doesn't respond but modem connection on both sides stayed on

11. arp/rarp work but ping doesn't?

12. responding to broadcast pings

13. ping -g 'gateway-IP' 'host-IP' DOESN'T work!