How to delete an entry in ARP - Networking

  1. How to delete an entry in ARP

    Hi

    I have changed the IP address of a RH linux host from 172.16.170.43 to
    172.16.170.46. The /proc/net/arp still shows the .43 address as:
    IP address       HW type     Flags       HW address            Mask     Device
    172.16.170.43    0x1         0x0         00:00:00:00:00:00     *        eth0

    I tried /sbin/arp -d 172.16.170.43

    It didn't work.

    Based on a hint from the web, I tried

    /sbin/ip addr add 172.16.170.43 dev eth0
    /sbin/ip addr del 172.16.170.43 dev eth0

    That made the ARP entry for .43 go away. However it was back again in
    a few seconds. How can I permanently delete the ARP entry for .43?

    Thanks for your help

  2. Re: How to delete an entry in ARP

    Hello,

    soup_or_power@yahoo.com wrote:
    >
    > I have changed the IP address of a RH linux host from 172.16.170.43 to
    > 172.16.170.46. The /proc/net/arp still shows the .43 address as:
    > IP address       HW type     Flags       HW address            Mask     Device
    > 172.16.170.43    0x1         0x0         00:00:00:00:00:00     *        eth0


    00:00:00:00:00:00 means that the ARP resolution for that IP address was
    not successful, which is expected if 172.16.170.43 is not assigned to
    any host on the network any more.

    > Based on a hint from the web, I tried
    >
    > /sbin/ip addr add 172.16.170.43 dev eth0
    > /sbin/ip addr del 172.16.170.43 dev eth0


    What a dirty hack.

    > That made the ARP entry for .43 go away. However it was back again in
    > a few seconds. How can I permanently delete the ARP entry for .43?


    Why do you want to delete this entry? What harm does it cause?
    Such an entry in the ARP table means that some process is still trying
    to talk to 172.16.170.43. Stop trying to talk to that IP address and the
    entry will vanish by itself. Maybe you need to update some config file
    or DNS record?

  3. Re: How to delete an entry in ARP

    Hi

    My problem now is I can connect to port 1099 on .46 from .30 but not .35.

    The ping back and forth from .46 and .35 is fine. Sounds very screwed
    up. Please HELP!

  4. Re: How to delete an entry in ARP

    On Sun, 25 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article <8eb0c588-deaf-4fac-b25c-29821571992a@d1g2000hsg.googlegroups.com>,
    soup_or_power@yahoo.com wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    > wrote:


    >> I have changed the IP address of a RH linux host from 172.16.170.43 to
    >> 172.16.170.46. The /proc/net/arp still shows the .43 address as:
    >> IP address       HW type     Flags       HW address            Mask     Device
    >> 172.16.170.43    0x1         0x0         00:00:00:00:00:00     *        eth0


    >> That made the ARP entry for .43 go away. However it was back again in
    >> a few seconds. How can I permanently delete the ARP entry for .43?


    Stop trying to talk to that IP address. Your description is lacking
    substantial details, but the host that this arp entry occurs on has
    been told that it has to talk to 172.16.170.43 - as you don't give any
    details, it's impossible to tell what - but there is some application
    running that wants to talk to this address.

    >My problem now is I can connect to port 1099 on .46 from .30 but not .35.


    And how are you trying to connect? What application is trying? Is
    whatever application running on ".35" hard coded to look to ".43"
    instead of some hostname, or the correct address?

    >The ping back and forth from .46 and .35 is fine. Sounds very screwed
    >up. Please HELP!


    Ping is a separate application, and apparently knows what address to
    contact. Your other unnamed application has a configuration error
    somewhere. Have you _restarted_ that application, or is it configured
    to only look for the wrong address?

    Old guy

  5. Re: How to delete an entry in ARP

    Thanks for your comments.

    Found out that ping from .35 to .46 is successful. But from .46 to .35
    is unsuccessful. How weird is that? Should I consider replacing the
    NIC?

    Thanks

  6. Re: How to delete an entry in ARP

    I see the following entry in .46

    [root@npaxwebproxy1 sbin]# more /proc/net/arp
    IP address       HW type     Flags       HW address            Mask     Device
    172.16.170.35    0x1         0x0         00:00:00:00:00:00     *        eth0

    What does it mean? I can't do delete on that entry.

    Also .30 can ping .35 back and forth. That tells me the NIC in .35 is
    ok.

    Your help is appreciated.
    Thanks

  7. Re: How to delete an entry in ARP

    On Mon, 26 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article ,
    soup_or_power@yahoo.com wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >> (Moe Trin) wrote:


    >>> Stop trying to talk to that IP address. Your description is lacking
    >>> substantial details, but the host that this arp entry occurs on has
    >>> been told that it has to talk to 172.16.170.43 - as you don't give any
    >>> details, it's impossible to tell what - but there is some application
    >>> running that wants to talk to this address.

    >>
    >>>> My problem now is I can connect to port 1099 on .46 from .30 but not .35.

    >>
    >>> And how are you trying to connect? What application is trying? Is
    >>> what-ever application running on ".35" hard coded to look to ".43"
    >>> instead of some hostname, or the correct address?


    >>>> The ping back and forth from .46 and .35 is fine. Sounds very screwed
    >>>> up. Please HELP!


    >> Found out that ping from .35 to .46 is successful. But from .46 to .35
    >> is unsuccessful. How weird is that? Should I consider replacing the
    >> NIC?


    This differs from what you wrote above about ping being fine. What did
    you change? No, this is not a NIC problem, nor cabling. You have some
    configuration error, but where - no details.

    >I see the following entry in .46


    >[root@npaxwebproxy1 sbin]# more /proc/net/arp
    >IP address HW type Flags HW address Mask Device
    >172.16.170.35 0x1 0x0 00:00:00:00:00:00 * eth0


    That means that some application on .46 has been told to talk to
    172.16.170.35, but 172.16.170.35 isn't answering an ARP.

    >Also .30 can ping .35 back and forth. That tells me the NIC in .35 is
    >ok.


    In host .30 and .35, run the command '/sbin/arp -an'
    In host .30, run the command 'ping -c1 .35' (correct the hostname as
    needed), and within sixty seconds run the command '/sbin/arp -an' again
    on BOTH systems. You should see an entry for the "other" computer in
    each host. Now wait another 60 seconds, and repeat the '/sbin/arp -an'
    command. If no other application ON EITHER SYSTEM is trying to talk to
    the other computer, the arp entry should be gone.
    Repeat this test on the "other" computer.
    Repeat this test from the .46 computer and any others having problems
    talking.

    You could have a firewall problem - '/sbin/iptables -L' and see what
    firewall rules are on each computer. You could have a name resolution
    problem - '/sbin/arp -a' versus '/sbin/arp -an'. In that case, fix the
    DNS or put full hostnames/addresses into the /etc/hosts file on all
    systems.

    Old guy
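
Added example (not part of any post in this thread): a Python sketch that decodes the Flags column of /proc/net/arp the way the reply above reads it, where 0x0 with an all-zero hardware address is a resolution nobody answered. It goes slightly beyond the thread by also reporting permanent (0x4) entries, using the ATF_* bits from <linux/if_arp.h>; the sample table, addresses and function names are constructed for the example.

```python
"""Decode the Flags column of /proc/net/arp (added example, not from the thread)."""
import ipaddress
import os
from dataclasses import dataclass

# Flag bits as defined in <linux/if_arp.h>.
ATF_COM = 0x02   # resolution completed, hardware address is valid
ATF_PERM = 0x04  # permanent (static) entry, e.g. one added with `arp -s`

FIELDS_PER_ROW = 6  # IP, HW type, Flags, HW address, Mask, Device

# Constructed sample in /proc/net/arp layout; addresses and MACs are made up.
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:01     *        eth0
192.0.2.43       0x1         0x0         00:00:00:00:00:00     *        eth0
192.0.2.35       0x1         0x6         02:00:00:aa:bb:35     *        eth0
"""


@dataclass
class ArpEntry:
    ip: str
    hw_type: int
    flags: int
    mac: str
    mask: str
    device: str

    @property
    def state(self) -> str:
        if self.flags & ATF_PERM:
            return "permanent"
        if self.flags & ATF_COM:
            return "dynamic"
        return "incomplete"


def parse_arp_table(text):
    """Parse /proc/net/arp text into ArpEntry objects.

    Works on whitespace-separated tokens rather than lines, so output that a
    mail client has wrapped across two lines per entry still parses.
    """
    tokens = text.split()
    try:
        start = tokens.index("Device") + 1  # last word of the header row
    except ValueError:
        raise ValueError("no /proc/net/arp header found") from None
    body = tokens[start:]
    if len(body) % FIELDS_PER_ROW:
        raise ValueError("truncated row: expected 6 fields per entry")
    entries = []
    for i in range(0, len(body), FIELDS_PER_ROW):
        ip, hw_type, flags, mac, mask, device = body[i:i + FIELDS_PER_ROW]
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        entries.append(ArpEntry(ip, int(hw_type, 16), int(flags, 16),
                                mac.lower(), mask, device))
    return entries


def findings_for(entries):
    """Return one human-readable line per entry that deserves a look."""
    out = []
    for e in entries:
        if e.state == "incomplete":
            out.append(f"{e.ip} on {e.device}: no ARP reply; "
                       "this host is still trying to reach that address")
        elif e.state == "permanent":
            out.append(f"{e.ip} on {e.device}: static entry {e.mac}; "
                       "it never ages out, so confirm the MAC is current")
    return out


if __name__ == "__main__":
    path = "/proc/net/arp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for line in findings_for(parse_arp_table(table)):
        print(line)
```
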

  8. Re: How to delete an entry in ARP

    I did all the steps delineated above.

    The ping between .35 and .30 works both ways.

    Also the ping between .30 and .46 works both ways.

    The ping from .35 to .46 works fine

    However the ping from .46 to .35 does not work.

    Thanks for your help. I think I need more help.

  9. Re: How to delete an entry in ARP

    Here is the ARP table on .35

    [root@npaxwebprod0B tmp]# more /proc/net/arp
    IP address       HW type     Flags       HW address            Mask     Device
    172.16.170.1     0x1         0x2         00:02:B3:B9:7F:02     *        eth0
    172.16.170.46    0x1         0x6         00:13:72:588:E5       *        eth0
    172.16.170.30    0x1         0x2         00:19:B9A:63:8D       *        eth0

    Here is the ARP table on .46

    [root@npaxwebproxy1 sbin]# more /proc/net/arp
    IP address       HW type     Flags       HW address            Mask     Device
    172.16.170.35    0x1         0x6         00:19:B9A:63:B0       *        eth0
    172.16.170.30    0x1         0x2         00:19:B9A:63:8D       *        eth0
    172.16.170.46    0x1         0x6         00:13:72:588:E5       *        eth0
    172.16.170.1     0x1         0x2         00:02:B3:B9:7F:02     *        eth0

    Here is the output of iptables -L on .35

    [root@npaxwebprod0B tmp]# /sbin/iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination


    Here is the output of iptables -L on .46

    [root@npaxwebproxy1 sbin]# /sbin/iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain RH-Firewall-1-INPUT (2 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT ipv6-crypt-- anywhere anywhere
    ACCEPT ipv6-auth-- anywhere anywhere
    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5902
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:789
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:81
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:789
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1099
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:1099
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1098
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited



    Thanks

  10. Re: How to delete an entry in ARP

    I can't ping .21 from .46. From .21 to .46 the ping works fine. I can
    also ping .105, .100, .101, .102 from .46.
    Gets weirder.
    Thanks

  11. Re: How to delete an entry in ARP

    On Tue, 27 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article <68bfa1c5-2809-469a-907b-e237f86d64f7@p25g2000hsf.googlegroups.com>,
    soup_or_power@yahoo.com wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    > wrote:


    >> wrote:


    >>> (Moe Trin) wrote:


    >>>> In host .30 and .35, run the command '/sbin/arp -an'
    >>>> In host .30, run the command 'ping -c1 .35' (correct the hostname as
    >>>> needed), and within sixty seconds run the command '/sbin/arp -an' again
    >>>> on BOTH systems. You should see an entry for the "other" computer in
    >>>> each host. Now wait another 60 seconds, and repeat the '/sbin/arp -an'
    >>>> command. If no other application ON EITHER SYSTEM is trying to talk to
    >>>> the other computer, the arp entry should be gone.
    >>>> Repeat this test on the "other" computer.
    >>>> Repeat this test from the .46 computer and any others having problems
    >>>> talking.


    >>> I did all the steps delineated above.

    >>
    >>> The ping between .35 and .30 works both ways.

    >>
    >>> Also the ping between .30 and .46 works both ways.

    >>
    >>> The ping from .35 to .46 works fine

    >>
    >>> However the ping from .46 to .35 does not work.


    And the exact error message is...

    >> Here is ARP table on .35


    Try using the '/sbin/arp -an' command.

    >> [root@npaxwebprod0B tmp]# more /proc/net/arp


    An Intel (.1) and two kinds of Dell

    >> Here is the ARP table on .46


    That says .35 can see .46 and vice versa. Problem isn't at this level.
    Not used to this output, but find it unusual to see one's own MAC in
    the ARP cache. This NORMALLY does not occur, because when "talking" to
    oneself, one would use the Loopback interface which has no MAC. Look
    at the output of '/sbin/ifconfig -a' and pay attention to the Transmit
    and Receive counts. Use the command 'ping -c1 some.other.host' and
    look again at the ifconfig output - the counts for the eth0 interface
    should have incremented, showing the packets went out and back on that
    interface. Then repeat, but ping one's own IP address. The counts for
    the eth0 interface should only reflect any _other_ external traffic,
    while the pings show up as increments in the 'lo' line.

    >> Here is the output of iptables -L on .35


    OK - essentially no firewall

    >> Here is the output of iptables -L on .46


    More complicated, but looks OK

    >I can't ping .21 from .46. From .21 to .46 the ping works fine. I can
    >also ping .105, .100, .101, .102 from .46.


    What is the exact command used to ping. What is the exact error message.

    >Gets weirder.


    Does .46 have a packet sniffer installed (tcpdump, ethereal, wireshark
    or similar)?

    Old guy
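
The counter check described in the post above (eth0 counters move when pinging another host, only the 'lo' counters move when pinging one's own address), as an added shell example that is not part of the original thread. It reads the counters in the /proc/net/dev layout, which is where ifconfig takes them from; the three snapshots are constructed sample data and the function names are this example's own.

```shell
#!/bin/sh
# Which interface carried a ping? Compare packet counters between two
# snapshots in /proc/net/dev layout. T0..T2 are constructed samples; live use:
#   T0=$(cat /proc/net/dev); ping -c1 some.other.host; T1=$(cat /proc/net/dev)

HDR='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed'
# T0: baseline. T1: after one ping to another host. T2: after one ping to own IP.
T0="$HDR
    lo:   84000    1000    0    0    0     0          0         0    84000    1000    0    0    0     0       0          0
  eth0: 9100000   52000    0    0    0     0          0        12  7300000   41000    0    0    0     0       0          0"
T1="$HDR
    lo:   84000    1000    0    0    0     0          0         0    84000    1000    0    0    0     0       0          0
  eth0: 9100098   52001    0    0    0     0          0        12  7300098   41001    0    0    0     0       0          0"
T2="$HDR
    lo:   84168    1002    0    0    0     0          0         0    84168    1002    0    0    0     0       0          0
  eth0: 9100098   52001    0    0    0     0          0        12  7300098   41001    0    0    0     0       0          0"

# pkts SNAPSHOT IFACE -> "rx_packets tx_packets"; fails if IFACE is absent.
pkts() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, ifc ":") == 1 {
            sub(/^[^:]*:/, "")   # counters can be glued to the colon
            split($0, f, " ")    # f[2] = RX packets, f[10] = TX packets
            print f[2], f[10]; found = 1
        }
        END { if (!found) exit 1 }'
}

# delta BEFORE AFTER IFACE -> "rx_delta tx_delta"
delta() {
    b=$(pkts "$1" "$3") || return 1
    a=$(pkts "$2" "$3") || return 1
    set -- $b $a
    echo "$(( $3 - $1 )) $(( $4 - $2 ))"
}

# ping_path BEFORE AFTER -> lo, eth0, both or none (interfaces with RX and TX growth)
ping_path() {
    path=none
    for ifc in lo eth0; do
        d=$(delta "$1" "$2" "$ifc") || continue
        if [ "${d% *}" -gt 0 ] && [ "${d#* }" -gt 0 ]; then
            if [ "$path" = none ]; then path=$ifc; else path=both; fi
        fi
    done
    echo "$path"
}

echo "ping other host: $(ping_path "$T0" "$T1"); ping own IP: $(ping_path "$T1" "$T2")"
```

On a busy host unrelated traffic also moves the eth0 counters, so a result of "both" after pinging one's own address needs a second look with the raw deltas.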

  12. Re: How to delete an entry in ARP

    On May 27, 4:10 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
    > On Tue, 27 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    > article <68bfa1c5-2809-469a-907b-e237f86d6...@p25g2000hsf.googlegroups.com>,
    >
    > soup_or_po...@yahoo.com wrote:
    >
    > NOTE: Posting from groups.google.com (or some web-forums) dramatically
    > reduces the chance of your post being seen. Find a real news server.
    >
    > > wrote:
    > >> wrote:
    > >>> (Moe Trin) wrote:
    > >>>> In host .30 and .35, run the command '/sbin/arp -an'
    > >>>> In host .30, run the command 'ping -c1 .35' (correct the hostname as
    > >>>> needed), and within sixty seconds run the command '/sbin/arp -an' again
    > >>>> on BOTH systems. You should see an entry for the "other" computer in
    > >>>> each host. Now wait another 60 seconds, and repeat the '/sbin/arp -an'
    > >>>> command. If no other application ON EITHER SYSTEM is trying to talk to
    > >>>> the other computer, the arp entry should be gone.
    > >>>> Repeat this test on the "other" computer.
    > >>>> Repeat this test from the .46 computer and any others having problems
    > >>>> talking.
    > >>> I did all the steps delineated above.

    >
    > >>> The ping between .35 and .30 works both ways.

    >
    > >>> Also the ping between .30 and .46 works both ways.

    >
    > >>> The ping from .35 to .46 works fine

    >
    > >>> However the ping from .46 to .35 does not work.

    >
    > And the exact error message is...
    >
    > >> Here is ARP table on .35

    >
    > Try using the '/sbin/arp -an' command.
    >
    > >> [root@npaxwebprod0B tmp]# more /proc/net/arp

    >
    > An Intel (.1) and two kinds of Dell
    >
    > >> Here is the ARP table on .46

    >
    > That says .35 can see .46 and vice versa. Problem isn't at this level.
    > Not used to this output, but find it unusual to see one's own MAC in
    > the ARP cache. This NORMALLY does not occur, because when "talking" to
    > oneself, one would use the Loopback interface which has no MAC. Look
    > at the output of '/sbin/ifconfig -a' and pay attention to the Transmit
    > and Receive counts. Use the command 'ping -c1 some.other.host' and
    > look again at the ifconfig output - the counts for the eth0 interface
    > should have incremented, showing the packets went out and back on that
    > interface. Then repeat, but ping one's own IP address. The counts for
    > the eth0 interface should only reflect any _other_ external traffic,
    > while the pings show up as increments in the 'lo' line.
    >
    > >> Here is the output of iptables -L on .35

    >
    > OK - essentially no firewall
    >
    > >> Here is the output of iptables -L on .46

    >
    > More complicated, but looks OK
    >
    > >I can't ping .21 from .46. From .21 to .46 the ping works fine. I can
    > >also ping .105, .100, .101, .102 from .46.

    >
    > What is the exact command used to ping. What is the exact error message.
    >
    > >Gets weirder.

    >
    > Does .46 have a packet sniffer installed (tcpdump, ethereal, wireshark
    > or similar)?
    >
    > Old guy


    My company hired a linux expert. No reboot, network change or NIC
    replacement. Wonder how he did it.
    Many thanks for your help

  13. Re: How to delete an entry in ARP

    X-No-Archive: Yes

    On May 27, 4:10 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
    > On Tue, 27 May 2008, in the Usenet newsgroup comp.os.linux.networking, in
    > article <68bfa1c5-2809-469a-907b-e237f86d6...@p25g2000hsf.googlegroups.com>,
    >
    > soup_or_po...@yahoo.com wrote:
    >
    > NOTE: Posting from groups.google.com (or some web-forums) dramatically
    > reduces the chance of your post being seen. Find a real news server.
    >
    > > wrote:
    > >> wrote:
    > >>> (Moe Trin) wrote:
    > >>>> In host .30 and .35, run the command '/sbin/arp -an'
    > >>>> In host .30, run the command 'ping -c1 .35' (correct the hostname as
    > >>>> needed), and within sixty seconds run the command '/sbin/arp -an' again
    > >>>> on BOTH systems. You should see an entry for the "other" computer in
    > >>>> each host. Now wait another 60 seconds, and repeat the '/sbin/arp -an'
    > >>>> command. If no other application ON EITHER SYSTEM is trying to talk to
    > >>>> the other computer, the arp entry should be gone.
    > >>>> Repeat this test on the "other" computer.
    > >>>> Repeat this test from the .46 computer and any others having problems
    > >>>> talking.
    > >>> I did all the steps delineated above.

    >
    > >>> The ping between .35 and .30 works both ways.

    >
    > >>> Also the ping between .30 and .46 works both ways.

    >
    > >>> The ping from .35 to .46 works fine

    >
    > >>> However the ping from .46 to .35 does not work.

    >
    > And the exact error message is...
    >
    > >> Here is ARP table on .35

    >
    > Try using the '/sbin/arp -an' command.
    >
    > >> [root@npaxwebprod0B tmp]# more /proc/net/arp

    >
    > An Intel (.1) and two kinds of Dell
    >
    > >> Here is the ARP table on .46

    >
    > That says .35 can see .46 and vice versa. Problem isn't at this level.
    > Not used to this output, but find it unusual to see one's own MAC in
    > the ARP cache. This NORMALLY does not occur, because when "talking" to
    > oneself, one would use the Loopback interface which has no MAC. Look
    > at the output of '/sbin/ifconfig -a' and pay attention to the Transmit
    > and Receive counts. Use the command 'ping -c1 some.other.host' and
    > look again at the ifconfig output - the counts for the eth0 interface
    > should have incremented, showing the packets went out and back on that
    > interface. Then repeat, but ping one's own IP address. The counts for
    > the eth0 interface should only reflect any _other_ external traffic,
    > while the pings show up as increments in the 'lo' line.
    >
    > >> Here is the output of iptables -L on .35

    >
    > OK - essentially no firewall
    >
    > >> Here is the output of iptables -L on .46

    >
    > More complicated, but looks OK
    >
    > >I can't ping .21 from .46. From .21 to .46 the ping works fine. I can
    > >also ping .105, .100, .101, .102 from .46.

    >
    > What is the exact command used to ping. What is the exact error message.
    >
    > >Gets weirder.

    >
    > Does .46 have a packet sniffer installed (tcpdump, ethereal, wireshark
    > or similar)?
    >
    > Old guy


    Hi Moe Trin

    My employer is disciplining me regarding posting company data.

    Could you kindly remove the following posts where you quoted my
    message?

    slrng3m7v3.e2t.ibuprofin@compton.phx.az.us
    slrng3oqlu.8gl.ibuprofin@compton.phx.az.us
    slrng3jvb1.org.ibuprofin@compton.phx.az.us

    The following URL will enable you to remove the posts:


    http://groups.google.com/groups/msgs_remove

    Many thanks for your help


  14. Re: How to delete an entry in ARP

    On Fri, 25 Jul 2008 04:45:47 -0700, soup_or_power@yahoo.com rearranged
    some electrons to say:


    > My employer is disciplining me regarding posting company data.
    >
    > Could you kindly remove the following posts where you quoted my message?
    >
    > The following URL will enable you to remove the posts:
    >
    >
    > http://groups.google.com/groups/msgs_remove
    >
    >


    Google Groups is just one of thousands of servers that contain your posts.
    If your boss is as clueless as you are, maybe he won't fire you.

    http://en.wikipedia.org/wiki/Usenet


  15. Re: How to delete an entry in ARP

    X-No-Archive: Yes

    On Jul 25, 7:53 am, david wrote:
    > On Fri, 25 Jul 2008 04:45:47 -0700, soup_or_po...@yahoo.com rearranged
    > some electrons to say:
    >
    > > My employer is disciplining me regarding posting company data.

    >
    > > Could you kindly remove the following posts where you quoted my message?

    >
    > > The following URL will enable you to remove the posts:

    >
    > >http://groups.google.com/groups/msgs_remove

    >
    > Google Groups is just one of thousands of servers that contain your posts.
    > If your boss is as clueless as you are, maybe he won't fire you.
    >
    > http://en.wikipedia.org/wiki/Usenet

    Hi David

    I am not disputing your assertion. Kindly remove your message in this
    thread as my company will only search google with my id and also use
    the google search. AFAIK there are no matches to my message outside
    the google archives.

    Your message id is

    g6cesg$mt3$1@aioe.org

    The URL http://groups.google.com/groups/msgs_remove

    Kindly understand my predicament and don't make my life more miserable
    than it already is

    Many thanks

  16. Re: How to delete an entry in ARP

    On Fri, 25 Jul 2008 04:59:49 -0700, soup_or_power@yahoo.com rearranged
    some electrons to say:

    > X-No-Archive: Yes
    >
    > On Jul 25, 7:53 am, david wrote:
    >> On Fri, 25 Jul 2008 04:45:47 -0700, soup_or_po...@yahoo.com rearranged
    >> some electrons to say:
    >>
    >> > My employer is disciplining me regarding posting company data.

    >>
    >> > Could you kindly remove the following posts where you quoted my
    >> > message?

    >>
    >> > The following URL will enable you to remove the posts:

    >>
    >> >http://groups.google.com/groups/msgs_remove

    >>
    >> Google Groups is just one of thousands of servers that contain your
    >> posts.
    >> If your boss is as clueless as you are, maybe he won't fire you.
    >>
    >> http://en.wikipedia.org/wiki/Usenet

    > Hi David
    >
    > I am not disputing your assertion. Kindly remove your message in this
    > thread as my company will only search google with my id and also use the
    > google search. AFAIK there are no matches to my message outside the
    > google
    > archives.
    >
    > Your message id is
    >
    > g6cesg$mt3$1@aioe.org
    >
    > The URL http://groups.google.com/groups/msgs_remove
    >
    > Kindly understand my predicament and don't make my life more miserable
    > than it already is
    >
    > Many thanks


    You don't understand Usenet, do you? Your messages are archived on
    thousands of servers. As you can already see, since I am not posting
    from Google Groups, your request has no meaning. If your employer is as
    clueless as you are, they won't know enough to fire you.


  17. Re: How to delete an entry in ARP

    X-No-Archive: Yes

    On Jul 25, 8:08 am, david wrote:
    > On Fri, 25 Jul 2008 04:59:49 -0700, soup_or_po...@yahoo.com rearranged
    > some electrons to say:
    >
    > > X-No-Archive: Yes

    >
    > > On Jul 25, 7:53 am, david wrote:
    > >> On Fri, 25 Jul 2008 04:45:47 -0700, soup_or_po...@yahoo.com rearranged
    > >> some electrons to say:

    >
    > >> > My employer is disciplining me regarding posting company data.

    >
    > >> > Could you kindly remove the following posts where you quoted my
    > >> > message?

    >
    > >> > The following URL will enable you to remove the posts:

    >
    > >> >http://groups.google.com/groups/msgs_remove

    >
    > >> Google Groups is just one of thousands of servers that contain your
    > >> posts.
    > >> If your boss is as clueless as you are, maybe he won't fire you.

    >
    > >>http://en.wikipedia.org/wiki/Usenet

    > > Hi David

    >
    > > I am not disputing your assertion. Kindly remove your message in this
    > > thread as my company will only search google with my id and also use the
    > > google search. AFAIK there are no matches to my message outside the
    > > google
    > > archives.

    >
    > > Your message id is

    >
    > > g6cesg$mt...@aioe.org

    >
    > > The URL http://groups.google.com/groups/msgs_remove

    >
    > > Kindly understand my predicament and don't make my life more miserable
    > > than it already is

    >
    > > Many thanks

    >
    > You don't understand Usenet, do you? Your messages are archived on
    > thousands of servers. As you can already see, since I am not posting
    > from Google Groups, your request has no meaning. If your employer is as
    > clueless as you are, they won't know enough to fire you.


    Hi David

    I am not disputing you. I have been posting on Usenet for 20 years
    now. There are several archival sites as you said. The NNTP can
    propagate the request to delete the message. I think Google supports
    that. Also when the message is archived on tape/DVD/disk there is no
    way to access it online. Kindly understand my predicament and remove
    your messages in this thread.

    Thanks

    http://groups.google.com/groups/msgs_remove
