Re: changing ethernet devices, new one stops cold at iptables

From: Gene Heskett
Date: Sun Jul 25 2004 - 18:46:28 EST


On Sunday 25 July 2004 17:23, David Ford wrote:
>No need to reboot it. Simply flush the neighbor cache.
>
>Scott root # ip neigh flush help
>Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr
> LLADDR ] [ nud { permanent | noarp | stale | reachable } ]
>
> | proxy ADDR } [ dev DEV ]
>
> ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
>
>David

Is my manpages too old? I studied it for arp at least half an hour
without seeing any way out of the dilemma short of a reboot, so I
did. And I just checked, theres no linkage from arp to anything
called 'ip'. Wrecked a 78 day uptime :(

Yes, I learned something from your message, thank you very much, but
why is it so deeply buried?

Humm, is there not an option that will a: flush, and then b: refresh
itself just as if its been rebooted? The 'replace' appears to
require intimate knowledge of a 48 bit MAC address etc I'd assume.


>Gene Heskett wrote:
>>On Sunday 25 July 2004 05:50, Henrik Nordstrom wrote:
>>>On Thu, 22 Jul 2004, Gene Heskett wrote:
>>>>I can ping the firewall, and I can ssh into it, so that part of
>>>>the network is fine, I just cannot get past iptables in the
>>>>firewall when eth0 is the nforce hardware, which has a different
>>>>MAC address.
>>>
>>>Have you verified that the routing got correctly set up on the new
>>>box?
>>>
>>> ip ro ls
>>>
>>>The usual cause to the symptoms you describe is that the default
>>>route has gone missing or is invalid.
>>
>>The routing was good, showing the fireall as the default gateway
>>address.
>>
>>In this case, the fix was to reboot the firewall so that its arp
>>tables got refreshed to match the new MAC address of the onboard
>>nforce (forcedeth) nic. Once that was done, everything was peachy.
>>
>>Thanks, I appreciate the reply, Henrik.

--
Cheers, Gene
There are 4 boxes to be used in defense of liberty.
Soap, ballot, jury, and ammo.
Please use in that order, starting now. -Ed Howdershelt, Author
Additions to this message made by Gene Heskett are Copyright 2004,
Maurice E. Heskett, all rights reserved.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/