Server(proxmox?) claims foreign IP-Adress

R

rh3

New Member
Feb 12, 2015
3
0
1
Hi there,

i have a serious problem with my root server, according to my ISP (Serverhoster) my Server (MAC) responds ARP-Requests, claiming to possess foreign ip-adresses (in the same subnet).

Actually i have no idea why it does so, all ip configurations are static.

i also have some openct vms running with vmbr0 as well as veth0(just "set" an ip adress)
afaik, the veth0 is bridging the eth0 interface so its possible for VMs to claim foreign ip adresses, but my ip configurations are static and i never set foreign adresses since i'm using a private subnet like 192.168.x.y, combined with NAT/MASQUERADE via iptables.
can NAT/MASQUERADE result in overtaking ip-addresses?

my hoster cut understandably the network connection so i can only perform "dry" debugging via vnc/kvm, is there a way to virtually turn eth0 so i can analyze the network traffic?

greetings and thank you for helping :)
 
Hello rh3,

rh3 said:
i also have some openct vms running with vmbr0 as well as veth0(just "set" an ip adress)
Click to expand...

"Just set" an IP address in a container is venet0 and not veth - in that case is not bridged either, it is - seen from outside - like an additional address assigned in the host.

rh3 said:
afaik, the veth0 is bridging the eth0 interface so its possible for VMs to claim foreign ip adresses, but my ip configurations are static and i never
set foreign adresses since i'm using a private subnet like 192.168.x.y, combined with NAT/MASQUERADE via iptables.
can NAT/MASQUERADE result in overtaking ip-addresses?
Click to expand...

No - but it´s question if you have bridges and veth - see above.

It can be clarified if you post your configuration file

/etc/pve/openvz/<ct-id>.conf

rh3 said:
my hoster cut understandably the network connection so i can only perform "dry" debugging via vnc/kvm, is there a way to virtually turn eth0 so i can analyze the network traffic?
Click to expand...

Wouldn´t it be possible getting from your ISP the details about what is going wrong? Then you can make virtual NICs in order to reproduce and study the error case.

Kind regards

Mr.Holmes
 
actually they just sent a copy of an ARP-reply given by a NIC wich has my MAC:
13:32:34.582503 b0:c6:9a:69:04:8a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 144.76.72.235 tell 144.76.72.225, length 46 13:32:34.994346 08:60:6e:69:59:78 > b0:c6:9a:69:04:8a, ethertype ARP (0x0806), length 60: Reply 144.76.72.235 is-at 08:60:6e:69:59:78, length 46
Click to expand...
so now where deos this reply come from? most likely from my machine, but on my machine, beside proxmox, there is not running much.

Mr.Holmes said:
Hello rh3,
"Just set" an IP address in a container is venet0 and not veth - in that case is not bridged either, it is - seen from outside - like an additional address assigned in the host.

No - but it´s question if you have bridges and veth - see above.
It can be clarified if you post your configuration file
/etc/pve/openvz/<ct-id>.conf
Click to expand...
acutally the machine is offline atm. so i cannot just post all configs but screenshooting them
but i did a
cat /etc/pve/openvz/*conf|grep 235
cat /etc/pve/openvz/*conf|grep 144\.76\.72\.235
and there was no output.

Wouldn´t it be possible getting from your ISP the details about what is going wrong? Then you can make virtual NICs in order to reproduce and study the error case.

Kind regards

Mr.Holmes
Click to expand...
Thanks for your help, i appreciate it!
can "bridging" make my NIC go online even if the plug is pulled?

What else kind of information could i ask my hoster for?

i can request a KVM console for 3 hours but not up/dowload anything :-/
 
Hello rh3

rh3 said:
actually they just sent a copy of an ARP-reply given by a NIC wich has my MAC:

08:60:6e:69:59:78 144.76.72.235
Click to expand...

Your next step should be now to verify the configuration related to the NIC which has that MAC carefully:

- is it used in a bridge?

- is it used for a virtual NIC (too)?

- check also the configuration inside your VMs and CTs!

- occurs somewhere the address 144.76.72.235? Where ever it is, in the host, a CM or a CT (not only in the mentioned ".conf" files!)

If all the above is not the case your provoder is probably wrong - in this case: maybe somebody else has "stolen" your MAC address (such things can happen - and the same MAC address twice in a subnet causes total confusion)!?


rh3 said:
can "bridging" make my NIC go online even if the plug is pulled?
Click to expand...

No - it remains in that case within your (virtual) environment


rh3 said:
What else kind of information could i ask my hoster for?
Click to expand...

To get a least a virtual console ithout time limitation in order to investigate your environment. Verify then with tcpdump what really happens at your NIC.

Kind regards

Mr.Holmes
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back