Spurios IP address conflicts.

Posted on 1997-08-15
Last Modified: 2010-03-17
Blackstar is a linux box, ip .35 (I'll not type the first
three octets in this.)  It has a modem and runs pppd.
Three users each have a pppd account.  They have ip addresses of .38 .44 and .75.

When someone is dialing into the box, another machine on
my net will crash, or have network problems.  If rebooted,
I will typically get a message such as:

A machine with hardware address of 00:00:0C:FB:B2:C0 claims
to be .222 Net interface disabled.

Where .222 is the address of the machine in question.

Ifconfig and arp don't show any sign of 222.  I can't ping
222 when this is going on.

Question by:sherwood
  • 2
  • 2
  • 2
  • +3

Expert Comment

ID: 1586108
Is there any ethernet card with same MAC address ?


Expert Comment

ID: 1586109
Could one of your dialin clients be incorrectly configured, and be requesting the same IP address as another machine on the LAN?

Expert Comment

ID: 1586110
I have three questions:

1) Does .222 has its root file system on Blackstar??

2) Have any of these machines a gateway??

3) Which deamon are you using as dialin provider, parameters??

Give me a 'netstat -nr' when a ppp account is active
and a 'ps -ax' when blackstar is up 'n running.
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.


Author Comment

ID: 1586111
Regarding questions:
>>Is there any ethernet card with same MAC address ?
      No.  Our switching hub lists all the MAC addresses
that it is caching.  This MAC address is not on more than
the one segment.  In addition, MAC addresses are suppose to
be unique.  

>> Could one of your dialin clients be incorrectly configured, and be requesting the same IP address as another machine on the LAN?
      That was my first thought.  1. As far as I can tell
from the config files, Blackstar won't negotiate the IP.
Each dialin account has a unique IP, and that's it.  2. This is  borne out by running ifconfig when the connection occurs.  
Ifconfig shows that the pppd interface is up, and shows the
proper ip at the other end of it.  3.  If the machine at the
other end was actually 222, then a ping would normally elicit
a response.  
        Comment from margin...
>>I have three questions:

>>  1) Does .222 has its root file system on Blackstar??
      No. .222 is a win95 box.  And it won't always be .222
It sometimes will be .220 or .112  I think the Blackstar is
claiming to forward packets for these addresses.  

>>  2) Have any of these machines a gateway??
      The network as a whole has a gateway through .1.
In fact this is the primary reason that people dial in to
Blackstar is to get access to the net.

>>  3) Which deamon are you using as dialin provider, parameters??

>>      Clarify:  On the server or on the client.
      On the server we're running pppd that comes with linux.
There are a large and icky number of config files.  email
me ( if you want specifics.

                           Give me a 'netstat -nr' when a ppp account is active
                           and a 'ps -ax' when blackstar is up 'n running.

Expert Comment

ID: 1586112
A 'netstat -n' had help me to pick out this possibility:

All machines in your network has dynamic IP-addresses (included the dial-in machines). All this dynamic IP-addresses are whithin the same sub-network.
The machine which stands for the dynamic IP-adresses are blackstar and at least one other machine.

The pppd on blackstar has the option 'defaultroute' which means that the dial-in machine will be reached through a gateway on the default route.

This means that the rest of the network will be disabled when the default route on blackstar points to the dial-in machine (it had worked if the dial-in machine and the rest of the network were on different sub-nets...).
When another machine is trying to 'contact' blackstar, blackstar receives the message but are unable to answer since the answer will be sent to the dial-in machine.

The strange message will appear after reboot of another machine if it get an new IP-adress after reboot and has any nfs-history on blackstar before the reboot(and before the dial-in machine appeared).

Possibly solution:
Give the dial-in machines another sub-net IP.

I get the feeling that this is not a possibility.

Mail me if I'm right

Expert Comment

ID: 1586113
Are the other three dial up machines on a separate network ie by this I mean are they on a LAN or have network cards inside them??

Expert Comment

ID: 1586114
It's pretty brute-force, but given your small number of systems, couldn't you just subnet?  At least give it a try.  Put the dialup systems' IP addresses on one subnet, and the ethernet systems' addresses on the other.  Even if it doesn't address the root problem, it ought to isolate it such that things work again.


Author Comment

ID: 1586115
Why would subneting work?  
This still wouldn't stop the rogue machine from claiming a
false IP.

Doing so would be difficult.  To subnet, I'd have to change the
netmask on all my machines (some 180 of them)  On top of that,
a mask that would include all three of hte other machines,
but not require that I re-assign a third of my net to new ip's
would be impossible.  Changing the home machines is not polically
pracatical until I can 'prove' which machine is mis-behaving.

Accepted Solution

eckspurt earned 200 total points
ID: 1586116
You said you'd established that the rogue machine is not claiming a false IP.

Now where are these 180 other machines?  You didn't mention them in the text of the question.  Blackstar is acting as a router, here, so the dialup systems have to be on a subnet that Blackstar can claim to be routing to.  The other option would be to set up IP Masquerading.  

If you're not ready to try these and you want more help, at least give us a better idea what your network looks like.  Are these 180 systems behind a netmask?  What's the upstream router's address (last octet, at least)?  Will the upstream router trust Blackstar to announce routing for another network (like the private 10.0.0 net)?  Is this all behind a firewall?


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question