# [SOLVED] arp traffic percolating upstream when it shouldn't

## ccosse

Hi, I have a Gentoo Home Router that is sending arp requests upstream when it shouldn't, and I need help to understand why. The router obtains its upstream IP via dhcp on eth0. The router is a wifi hotspot, essentially, serving a LAN out of wlan0 as well as running a web server on wlan0. From a laptop connected via wifi to the router, if I browse to the router's webpages the traffic stops at the router and is not percolated upstream ... EXCEPT if I make a call to an AJAX function on the router, and then the router sends ARP requests upstream, which come back "Refused 0/0/0" ... and I think this is causing me timeout problems in certain situations. Also, the ARP requests get transmitted upstream from the router if I ssh from wifi laptop to router (ssh root@192.168.66.1, in my case).

Here is my route cmd output:

```
rcrouter ~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    3      0        0 eth0
loopback        rcrouter        255.0.0.0       UG    0      0        0 lo
192.168.1.0     *               255.255.255.0   U     3      0        0 eth0
192.168.66.0    *               255.255.255.0   U     0      0        0 wlan0
```

Here is tcpdump output showing ARP requests about wlan0 (192.168.66.1) being sent upstream and coming back "Refused". What caused this one, in particular, was plugging in the following url: http://192.168.66.1/monitor/?what=get_data&fname=en0 (i.e. nothing harmless ... I think ... it's handled by a django urls.py file and does still get handled correctly ... but these refused ARP requests are some result of my configuration, I think, and I'm having bad performance issues in general behind my Gentoo Home Router and think this is closely related to the cause ... hence why I'm asking):

```
11:08:19.690978 arp who-has 192.168.1.1 tell 192.168.1.246
11:08:19.691216 arp reply 192.168.1.1 is-at 54:42:49:e0:a9:28
11:08:19.691245 IP 192.168.1.246.42815 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.159077 IP 192.168.1.1.53 > 192.168.1.246.42815: 32398 Refused 0/0/0 (43)
11:08:20.159741 IP 192.168.1.246.43560 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.234608 IP 192.168.1.1.53 > 192.168.1.246.43560: 32398 Refused 0/0/0 (43)
```

Thank you for reading and helping me understand what's going on!

-Charles

Last edited by ccosse on Tue Nov 19, 2013 8:06 am; edited 1 time in total

----------

## eyoung100

The easiest way to fix this is to turn off the AJAX Remote Call, and upload the code that performs the AJAX functions to your webserver directly.  In your webpages that need the calls, update the link to refer to your local copy of the scripts.

Example:

Download the minified copy of JQuery from JQuery Downloads.

Install the scripts at /var/www/jquery

Use Relative Pathing in all your sites, or:

Download the minified copy of JQuery from JQuery Downloads.

Install the scripts at /var/www/<site 1>/jquery - This keeps the Calls limited to particular sites only, and increases security. It's a PITA if you maintain many sites, as each site requiring jquery would need its own copy.

Use Relative Pathing in all your sites.

----------

## ccosse

Well thanks for your reply eyoung100, but the ajax stuff kinda has to stay ... the python (django) backend then communicates to an RPC server to exchange data. Also I don't use JQuery (unless unknowingly via django, which probably yes) ... my xmlhttp requests are all done manually.

This also happens when I ssh to the router (from behind router), so it's not just web-traffic specific ... is there a way to fix it via my network configuration?

Thank you!

----------

## ccosse

 *eyoung100 wrote:*   

> The easiest way to fix this is to turn off the AJAX Remote Call, and upload the code that performs the AJAX functions to your webserver directly.

 

Wow, sorry I missed your point here ... but to answer this: there is no remote call happening ... well, actually it does induce an RPC call to itself on port 8005, but no calls to beyond the router. Am I getting you correctly? Thanks!

----------

## eyoung100

 *ccosse wrote:*   

> Well thanks for your reply eyoung100, but the ajax stuff kinda has to stay ... the python (django) backend then communicates to an RPC server to exchange data. Also I don't use JQuery (unless unknowingly via django, which probably yes) ... my xmlhttp requests are all done manually.
> 
> This also happens when I ssh to the router (from behind router), so it's not just web-traffic specific ... is there a way to fix it via my network configuration?
> 
> Thank you!

 

It all works the same, except you have your own copy. See Django Download, then follow my example, and integrate the local copy you download into your sites, and disable the CDN calls. In short, you're allowing your webserver to do the AJAX calls locally.

----------

## ccosse

 *eyoung100 wrote:*   

> It all works the same, except you have your own copy.

 

This is not a django issue if it's happening for ssh traffic as well ... or am I missing something of what you are saying?

----------

## papahuhn

That is not a refused ARP request but a refused DNS request. For some reason (security policy?) the router's nameserver does not allow an external request for an internal IP.

----------
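
papahuhn's reading of the capture can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses the six tcpdump lines from the first post, pairs each DNS query with its reply, and decodes the PTR name back to the address it asks about. The function names and regular expressions are this example's own and cover only the tcpdump text format shown above.

```python
import ipaddress
import re

# The six tcpdump lines from the first post of this thread, verbatim.
CAPTURE = """\
11:08:19.690978 arp who-has 192.168.1.1 tell 192.168.1.246
11:08:19.691216 arp reply 192.168.1.1 is-at 54:42:49:e0:a9:28
11:08:19.691245 IP 192.168.1.246.42815 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.159077 IP 192.168.1.1.53 > 192.168.1.246.42815: 32398 Refused 0/0/0 (43)
11:08:20.159741 IP 192.168.1.246.43560 > 192.168.1.1.53: 32398+ PTR? 1.66.168.192.in-addr.arpa. (43)
11:08:20.234608 IP 192.168.1.1.53 > 192.168.1.246.43560: 32398 Refused 0/0/0 (43)
"""

ARP_RE = re.compile(r"^\S+ arp (?:who-has|reply) (\S+)")
QUERY_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.53: (\d+)[+%]* (\w+)\? (\S+)")
REPLY_RE = re.compile(r"^\S+ IP (\S+)\.53 > (\S+)\.(\d+): (\d+)[*|$-]* (\S+)")


def ptr_name_to_ip(qname):
    """Map '1.66.168.192.in-addr.arpa.' back to the address 192.168.66.1."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ipaddress.ip_address(".".join(reversed(labels[:4])))


def analyze(capture):
    """Return (addresses ARP asked about, DNS transactions with their rcode)."""
    arp_targets, pending, dns = set(), {}, []
    for line in capture.splitlines():
        if m := ARP_RE.match(line):
            arp_targets.add(m.group(1))
        elif m := QUERY_RE.match(line):
            client, port, _server, txid, qtype, qname = m.groups()
            pending[(client, port, txid)] = (qtype, qname)
        elif m := REPLY_RE.match(line):
            server, client, port, txid, status = m.groups()
            if (client, port, txid) not in pending:
                continue  # reply without a captured query
            qtype, qname = pending.pop((client, port, txid))
            # tcpdump prints the rcode only on errors; "1/0/0" means NoError.
            rcode = "NoError" if "/" in status else status
            ip = ptr_name_to_ip(qname) if qtype == "PTR" else None
            dns.append({"resolver": server, "qtype": qtype, "about": ip,
                        "rcode": rcode, "private": bool(ip and ip.is_private)})
    return arp_targets, dns
```

On this capture the only address ARP asks about is the upstream gateway 192.168.1.1, and both refused packets are PTR lookups for the private address 192.168.66.1 sent to that gateway's resolver on port 53.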

## ccosse

 *papahuhn wrote:*   

> That is not a refused ARP request but a refused DNS request. For some reason (security policy?) the router's nameserver does not allow an external request for an internal IP.

 

I think it is all due to my configuration here in my garage.  I tested the router today from a university network and no problems at all.  Here, however, I'm going through my droid phone's hotspot for service and that's who's refusing the dns request from the router.  So my theory here is that it's all Verizon's fault, one way or another.

----------

