-1

I've got an Ubuntu Linux PC on a private 192.168.x.y LAN. It's got an IP on the 0 subnet (192.168.0.y) and is able to ping other PCs on the 0 subnet. It looked like the _gateway MAC address had been hardcoded, so I was unable to reach any other subnet until I read this article. It had me run sudo ip nei flush all so that my ARP table would be cleared. This worked initially but a little bit later I was unable to ping the PC again; the ARP table reverted to the old hardcoded MAC address for the _gateway entry in the ARP table. Where in Linux would someone set up a periodic change of the MAC address for the _gateway entry in the ARP table?

2
  • I'm trying to understand why you believe the ARP entry of the gateway makes reaching other subnets impossible ... can you please elaborate on your reasoning there? Commented Sep 8, 2023 at 23:53
  • @tink We are able to reach our subnet because those are basically wired connections. To reach devices outside our immediate subnet the gateway needs to route the traffic for us; if we aren't sending to the correct gateway, how can we reach other subnets? This is my reasoning, in addition to the fact that when I clear the gateway ARP entry, I am then able to reach other subnets, the gateway MAC is set to a different value, and after some time (I've not been able to tell how long yet) the gateway ARP entry changes and I can no longer reach other subnets. Commented Sep 11, 2023 at 12:53

1 Answer

0

A periodic change like that could be set up in many ways, including but not limited to:

  • as a systemd *.timer unit activating a *.service unit with the same name
  • as a cron job, either in root's crontab, or in the crontab of some user that has sudo permissions
  • as a self-reloading at job, likewise.
  • as a daemonized script that runs in an infinite loop that makes the change and then sleeps for a period.

But there is something else that would also match your symptoms: an IP address conflict.

If the _gateway's IP address was accidentally assigned also to another system in the same subnet, then whenever your PC sent out an ARP query, both of them would answer using their own respective MAC addresses. Normally, the first response your PC receives would "win"... until the ARP cache expires and the "race" is repeated.

Which one would normally win would depend on the network topology, and relative CPU powers and network driver efficiencies of the real gateway and the "imposter".

If this is a simple mistake, then the "old hardcoded MAC" is actually the real MAC address of the conflicting device: make a note of the MAC address and check your devices. If you find a matching MAC address, you've found the culprit.
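Added example, not part of the original answer: a small shell check for the conflict described above. It counts how many distinct MAC addresses answer ARP for the gateway IP and reads the neighbour state so a truly static (PERMANENT) entry can be told apart from a dynamically learned one. The interface name eth0, the address 192.168.0.1 and all sample data are constructed assumptions.

```bash
#!/bin/sh
# Live usage (interface and gateway IP are assumptions, adjust to your LAN):
#   sudo arping -b -c 5 -I eth0 192.168.0.1 | classify_replies
#   ip neigh show | neigh_state 192.168.0.1
# -b keeps iputils arping broadcasting, so every host claiming the IP can answer.

# Print the distinct MACs found in iputils-arping output read from stdin.
reply_macs() {
    grep -oE '\[([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\]' \
        | tr -d '[]' | tr 'A-F' 'a-f' | sort -u
}

# Classify arping output on stdin:
#   conflict = more than one MAC claims the IP
#   ok       = exactly one MAC answered
#   no-reply = nothing answered
classify_replies() {
    n=$(reply_macs | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        echo conflict
    elif [ "$n" -eq 1 ]; then
        echo ok
    else
        echo no-reply
    fi
}

# Print the neighbour state of IP $1 from `ip neigh show` output on stdin.
# PERMANENT means a manually configured static entry; REACHABLE, STALE or
# DELAY mean the MAC was learned from ARP replies and is not hardcoded.
neigh_state() {
    awk -v ip="$1" '$1 == ip { print $NF }'
}

# Constructed sample: two different MACs answer for the gateway address.
SAMPLE_ARPING='ARPING 192.168.0.1 from 192.168.0.23 eth0
Unicast reply from 192.168.0.1 [AA:BB:CC:DD:EE:01]  0.812ms
Unicast reply from 192.168.0.1 [AA:BB:CC:DD:EE:02]  1.034ms
Unicast reply from 192.168.0.1 [AA:BB:CC:DD:EE:01]  0.790ms
Sent 2 probes (2 broadcast(s))
Received 3 response(s)'

# Constructed sample: the gateway entry is dynamic (STALE), not static.
SAMPLE_NEIGH='192.168.0.1 dev eth0 lladdr aa:bb:cc:dd:ee:02 STALE
192.168.0.40 dev eth0 lladdr aa:bb:cc:dd:ee:40 REACHABLE'
```

If the result is conflict, the MACs printed by reply_macs are the ones to match against your devices, as the answer suggests.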
