IP spoofing not working, hijacking possible

Cool ok let me have a look, I should be able to get this tested today

Hello, ok so after having a look I have replicated what you have said.

I set up a VM using a network VLAN 135
This had an address 10.0.135.0/24 [10 - 200]

I attached two NICs to the VM

eth0 - 10.0.135.10/24
eth1 - 10.0.135.11/24

These both had gateways set via context, so when I boot my routes are as follows:

ip route show

default via 10.0.135.254 eth0

If I shut down eth0 it also removes the default gateway, which messes things up; I then have to add it manually.

Anyway, if I try to access the eth1 IP I can't; if I try to ping from the L3 in front of the VM I get no response but can see the traffic on tcpdump.

If I check ARP I can see that the eth0 MAC is responding with the eth1 IP address (probably because of the default gateway).

I checked proxy_arp and it's off by default.

Which it shouldn't need on, but it is behaving like proxy ARP.

Anyway, it looks like the original ethernet adapter is answering ARP for both IP addresses.
This is then failing anti-spoofing, as the traffic is originating from eth0, which has anti-spoofing on 10.0.135.10.

As soon as I disable anti-spoofing it works fine (just as you have said).

Please see below:

#PBC-FW01 (root) # diagnose sniffer packet any "host 10.0.135.11" 4
interfaces=[any]
filters=[host 10.0.135.11]
7.326147 VLAN-135 out arp who-has 10.0.135.11 tell 10.0.135.254
7.326151 dot1qToHosts out arp who-has 10.0.135.11 tell 10.0.135.254
7.326153 port4 out arp who-has 10.0.135.11 tell 10.0.135.254
7.326154 port3 out arp who-has 10.0.135.11 tell 10.0.135.254
7.326434 VLAN-135 in arp reply 10.0.135.11 is-at 2:0:a:0:87:a
7.326449 VLAN-135 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
7.326451 dot1qToHosts out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
7.326453 port4 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
10.321393 VLAN-135 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
10.321396 dot1qToHosts out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
10.321398 port4 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
16.321860 VLAN-135 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
16.321863 dot1qToHosts out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125
16.321864 port4 out 213.210.32.5.59600 -> 10.0.135.11.22: syn 1790975125

14 packets received by filter
0 packets dropped by kernel

PBC-FW01 (root) # execute ping 10.0.135.11
PING 10.0.135.11 (10.0.135.11): 56 data bytes

--- 10.0.135.11 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

PBC-FW01 (root) # execute ping 10.0.135.10
PING 10.0.135.10 (10.0.135.10): 56 data bytes
64 bytes from 10.0.135.10: icmp_seq=0 ttl=64 time=0.3 ms

--- 10.0.135.10 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.3 ms

PBC-FW01 (root) # get system arp | grep 10.0.135.11
10.0.135.11 0 02:00:0a:00:87:0a VLAN-135
10.0.135.10 0 02:00:0a:00:87:0a VLAN-135

^^ MAC is the same, suggesting it is coming from eth0
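
A check over the output above, as an added example that is not part of the original post: it normalises the sniffer's unpadded MAC, lists MACs that answer ARP for more than one IP, and flags entries whose IP differs from the one encoded in the MAC. The last check assumes every NIC's MAC carries its IPv4 address in the final four octets, as 02:00:0a:00:87:0a does for 10.0.135.10; the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input copied from the post: the two ARP table entries and the
# sniffer's ARP reply, which prints the same MAC without zero padding.
ARP_TABLE = """\
10.0.135.11 0 02:00:0a:00:87:0a VLAN-135
10.0.135.10 0 02:00:0a:00:87:0a VLAN-135
"""
SNIFFER = "7.326434 VLAN-135 in arp reply 10.0.135.11 is-at 2:0:a:0:87:a"

def norm_mac(mac):
    """Zero-pad each octet so 2:0:a:0:87:a equals 02:00:0a:00:87:0a."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)

def parse_arp_table(text):
    """Yield (ip, mac, interface) from 'IP age MAC interface' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield fields[0], norm_mac(fields[2]), fields[3]

def parse_arp_reply(line):
    """Return (ip, mac) from a sniffer 'arp reply IP is-at MAC' line."""
    m = re.search(r"arp reply (\S+) is-at (\S+)", line)
    return (m.group(1), norm_mac(m.group(2))) if m else None

def shared_macs(entries):
    """Map each MAC that answers for more than one IP to those IPs."""
    by_mac = defaultdict(set)
    for ip, mac, _ in entries:
        by_mac[mac].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

def embedded_ip(mac):
    """Assumption: the last four octets of the MAC encode the NIC's IPv4."""
    tail = bytes(int(o, 16) for o in mac.split(":")[2:])
    return str(ipaddress.IPv4Address(tail))

def mismatched(entries):
    """Entries whose claimed IP differs from the IP embedded in the MAC."""
    return [(ip, mac) for ip, mac, _ in entries if embedded_ip(mac) != ip]

if __name__ == "__main__":
    table = list(parse_arp_table(ARP_TABLE))
    print(shared_macs(table), mismatched(table), parse_arp_reply(SNIFFER))
```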