It can be a little frustrating when you can access other devices but not the router. There are multiple possible causes for this problem.

Basic troubleshooting

It's probably a good idea to run a packet capture on the interface.
I'd suggest first running a capture on the interface that does not work, something like this:

sudo tcpdump -ni eth2 icmp or arp

This will capture ICMP and ARP traffic. Now let the other machine ping the host. The "-n" option prevents reverse lookups on IP addresses; if you have a ton of traffic, these cause serious lag on your console, since a lookup is done for every IP. Finally, "-i XXX" selects the interface you wish to listen on.

If you receive no traffic on this interface, try capturing on every interface with "-i any". If you still see no traffic after this, the problem is probably not the software itself but something else. Check all of your cables, VLAN configuration, ...

ARP Flux. Do you have two interfaces connected (Linux)?

When you have two interfaces that are not in a bond but are connected to the same network (VLAN or not), it might cause problems. Why?
By default the Linux kernel will respond to ARP requests on all interfaces even if that interface does not have the IP address assigned. This behaviour is called ARP Flux.

Consider the following example. Host B has two interfaces with two different addresses on the same network. Host A sends out an ARP request, and Host B receives it on both eth0 and eth1. However, Host B might respond with the MAC address of eth0, and thus Host A will send the packet to the "wrong" interface. Most of the time this is not a problem, but in a router situation it is something you probably don't want and it can cause issues. So if you have a machine with multiple interfaces on the same network which are not bonded, you probably want to disable this.


Disabling the behaviour

You can disable this in the kernel by using a sysctl config file. A detailed explanation of these configuration options can be found at:

net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.all.arp_ignore = 2

Blocked by firewall

If you actually receive the packets, you are probably blocking something. If you are using VyOS with zone policies, make sure you have the Local zone defined.
