On Tue 29 May 2018 at 14:57:22 (+0200), Pascal Hambourg wrote: > Le 28/05/2018 à 23:14, Pascal Hambourg a écrit : > >Le 28/05/2018 à 13:54, Alan Greenberger a écrit : > >> > >>You are mostly correct. However, I have one machine on which the > >>response to > >>/usr/sbin/arp -n > >>shows two lines with the HWaddress of the router, one with the internal > >>address as you said and the other with the external address. I have no > >>idea what made arp see the external address. > > > >Thinking of it, a router following the "weak host" model (like > >Linux does) can advertise any local address on any interface. It > >can be tested with arping. However I am failing to imagine any > >plausible scenario which could lead a host on the internal LAN to > >have the router's external IP address in its ARP cache. It means > >that either : > >- the host sends an ARP query for the router's external IP address > > I guess this could happen if the host has a direct default route (no > gateway) and the router acts as an ARP proxy. Quite an unusual > setup. > > >- the router sends an ARP query to the host from its external IP address > > I checked that the latter can happen when the router must send a > packet to the host with its external address as source and must > resolve the host's address. Then the ARP query source IP address is > the external address, and the destination host stores it in its ARP > cache. > > Any idea why the router would send packets to this host from its > external address ?
I think your analysis starts from an assumption that everything is, and always was, set up correctly from the start, and is working with a sane and correct configuration, which might not be completely true. Cheers, David.
