View previous topic :: View next topic |
Author |
Message |
ccosse Apprentice
Joined: 10 Mar 2004 Posts: 171 Location: Las Vegas, NV
|
Posted: Mon Nov 18, 2013 5:24 pm Post subject: [SOLVED] arp traffic percolating upstream when it shouldn't |
|
|
Hi, I have a Gentoo Home Router that is sending arp requests upstream when it shouldn't, and I need help to understand why. The router obtains it's upstream ip via dhcp on eth0. The router is a wifi hotspot, essentially, serving a LAN out of wlan0 as well as running a web server on wlan0. From a laptop connected via wifi to the router, if I browse to the router's webpages the traffic stops at the router and is not percolated upstream ... EXCEPT if I make a call to an AJAX function on the router, and then the router sends ARP requests upstream, which come back "Refused 0/0/0" ... and I think this is causing me timeout problems in certain situations. Also, the ARP requests get transmitted upstream from the router if I ssh from wifi laptop to router (ssh root@192.168.66.1, in my case).
Here is my route cmd output:
Code: |
rcrouter ~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 3 0 0 eth0
loopback rcrouter 255.0.0.0 UG 0 0 0 lo
192.168.1.0 * 255.255.255.0 U 3 0 0 eth0
192.168.66.0 * 255.255.255.0 U 0 0 0 wlan0
|
Here is tcpdump output showing ARP requests about wlan0 (192.168.66.1) being sent upstream and coming back "Refused". What cuased this one, in particular, was plugging-in the following url: http://192.168.66.1/monitor/?what=get_data&fname=en0 (i.e. nothing harmless ... i think ... it's handled by a django urls.py file and does still get handled correctly ... but these refused ARP requests are some result of my configuration, i think, and I'm having bad performance issues in general behind my Gentoo Home Router and think this is closely related to the cause ... hence why I'm asking):
Code: |
11:08:19.690978 arp who-has 192.168.1.1 tell 192.168.1.246
11:08:19.691216 arp reply 192.168.1.1 is-at 54:42:49:e0:a9:28
11:08:19.691245 IP 192.168.1.246.42815 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.159077 IP 192.168.1.1.53 > 192.168.1.246.42815: 32398 Refused 0/0/0 (43)
11:08:20.159741 IP 192.168.1.246.43560 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.234608 IP 192.168.1.1.53 > 192.168.1.246.43560: 32398 Refused 0/0/0 (43)
|
Thank you for reading and helping me understand what's going on!
-Charles
Last edited by ccosse on Tue Nov 19, 2013 8:06 am; edited 1 time in total |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Mon Nov 18, 2013 5:48 pm Post subject: |
|
|
The easiest way to fix this is to turn off the AJAX Remote Call, and upload the code that performs the AJAX functions to your webserver directly. In your webpages that need the calls, update the link to refer to your local copy of the scripts.
Example:
- Download the minified copy of JQuery from JQuery Downloads.
- Install the scripts at /var/www/jquery
- Use Relative Pathing in all your sites, or:
- Download the minified copy of JQuery from JQuery Downloads.
- Install the scripts at /var/www/<site 1>/jquery - This keeps the Calls limited to particular sites only, and increases security. It's a PITA if you maintain many sites, as each site requiring jquery would need it's own copy.
- Use Relative Pathing in all your sites.
_________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper |
|
Back to top |
|
|
ccosse Apprentice
Joined: 10 Mar 2004 Posts: 171 Location: Las Vegas, NV
|
Posted: Mon Nov 18, 2013 5:57 pm Post subject: |
|
|
Well thanks for your reply eyoung100, but the ajax stuff kinda has to stay ... the python (django) backend then communicates to an RPC server to exchange data. Also I don't use JQuery (unless unknowingly via django, which probably yes) ... my xmlhttp requests are all done manually.
This also happens when I ssh to the router (from behind router), so it's not just web-traffic specific ... is there a way to fix it via my network configuration?
Thank you! |
|
Back to top |
|
|
ccosse Apprentice
Joined: 10 Mar 2004 Posts: 171 Location: Las Vegas, NV
|
Posted: Mon Nov 18, 2013 6:11 pm Post subject: |
|
|
eyoung100 wrote: | The easiest way to fix this is to turn off the AJAX Remote Call, and upload the code that performs the AJAX functions to your webserver directly. |
Wow, sorry I missed your point here ... but to answer this: there is no remote call happening ... well, actually it does induce an RPC call to itself on port 8005, but no calls to beyond the router. Am I getting you correctly? Thanks! |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Mon Nov 18, 2013 6:14 pm Post subject: |
|
|
ccosse wrote: | Well thanks for your reply eyoung100, but the ajax stuff kinda has to stay ... the python (django) backend then communicates to an RPC server to exchange data. Also I don't use JQuery (unless unknowingly via django, which probably yes) ... my xmlhttp requests are all done manually.
This also happens when I ssh to the router (from behind router), so it's not just web-traffic specific ... is there a way to fix it via my network configuration?
Thank you! |
It all Works the same, except you have your own copy. See Django Download, then follow my example, and integrate the local copy you download into your sites, and disable the CDN calls. In short, your allowing your webserver to do the AJAX calls locally. _________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper
Last edited by eyoung100 on Mon Nov 18, 2013 6:23 pm; edited 1 time in total |
|
Back to top |
|
|
ccosse Apprentice
Joined: 10 Mar 2004 Posts: 171 Location: Las Vegas, NV
|
Posted: Mon Nov 18, 2013 6:19 pm Post subject: |
|
|
eyoung100 wrote: | It all Works the same, except you have your own copy. |
This is not a django issue if it's happening for ssh traffic as well ... or am i missing something of what you are saying? |
|
Back to top |
|
|
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
|
Posted: Tue Nov 19, 2013 7:54 am Post subject: |
|
|
That is not a refused ARP request but a refused DNS request. For some reason (security policy?) the router's nameserver does not allow an external request for an internal IP. _________________ Death by snoo-snoo! |
|
Back to top |
|
|
ccosse Apprentice
Joined: 10 Mar 2004 Posts: 171 Location: Las Vegas, NV
|
Posted: Tue Nov 19, 2013 8:05 am Post subject: |
|
|
papahuhn wrote: | That is not a refused ARP request but a refused DNS request. For some reason (security policy?) the router's nameserver does not allow an external request for an internal IP. |
I think it is all due to my configuration here in my garage. I tested the router today from a university network and no problems at all. Here, however, I'm going through my droid phone's hotspot for service and that's who's refusing the dns request from the router. So my theory here is that it's all Verizon's fault, one way or another. |
|
Back to top |
|
|
|