01-22-2011 10:27 PM - edited 03-04-2019 11:10 AM
Hello,
My old office used a Cisco 861 as a VPN router, with the WAN side set up to receive a dynamic IP assigned by Time Warner Cable. Now we have switched to a new office with TowerStream, which provides 4G SLA'ed 10 Mbit service with a static IP, and I get a Cat 5 Ethernet drop from it.
So all I did was go to my "interface FastEthernet4" and type
ip address 173.243.123.123 255.255.255.252.
I changed the speed to "speed 100" and "full-duplex" (as instructed by the ISP).
I also did "ip default-gateway 173.243.123.124", which is the default gateway assigned by the ISP.
I also typed "ip name-server 64.17.123.123" to set up the new DNS. Am I doing anything wrong? I can't even use the router to ping Google, but if I connect the laptop directly to the outside line, then it works, so I know the outside line is good.
Am I not doing something right? Why can't I connect to the internet? I have already wasted several hours trying everything in my book to troubleshoot a supposedly very simple configuration change. Do I need to change something related to NAT when changing to a static IP? My NAT was working just fine before under DHCP.
Thanks for the help!
Below is my full config (some IPs changed to preserve anonymity):
=============================================
Building configuration...
Current configuration : 16628 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PureGate
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 informational
enable secret 5 adsfasdf
enable password 7 asdfasdfdasf
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1245995727
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1245995727
revocation-check none
rsakeypair TP-self-signed-1245995727
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1234213421342134
certificate self-signed 01
adsfasdfadfasdfasdfasf
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
!
ip dhcp pool ccp-pool1
import all
network 10.2.2.0 255.255.255.0
default-router 10.2.2.1
dns-server 10.2.2.1
domain-name local
!
!
ip dhcp update dns
ip cef
ip domain name local
ip host local ns ns.local
ip host trac.local 10.2.2.7
ip host ns.local 10.2.2.1
ip host-list members.dyndns.org
ip host-list mydomain.dyndns.org
ip name-server 64.17.123.123
ip name-server 64.17.123.124
ip name-server 4.2.2.1
ip ddns update method ccp_ddns
HTTP
add http://mydomain:passwd@members.dyndns.org/nic/update?system=dyndns&hostname=passwd@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://mydomain:passwd@members.dyndns.org/nic/update?system=dyndns&hostname=passwd@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 28 0 0 0
interval minimum 28 0 0 0
!
ip dhcp-client update dns server both
!
!
parameter-map type regex ccp-regex-nonascii
pattern [^\x00-\x80]
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
!
username admin privilege 15 secret 5 asdfasdfasdfas
username user2 privilege 15 secret 5 adsfasdfasdfas
!
crypto logging ezvpn
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local SDM_POOL_1
!
crypto isakmp client configuration group Company
key sdfgsdfgdsgsd
dns 4.2.2.1 4.2.2.2
pool SDM_POOL_1
acl 102
include-local-lan
max-users 100
netmask 255.255.255.0
banner ^CWelcome to company VPN! Split tunneling is enabled. ^C
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip dhcp client update dns server none
ip ddns update hostname members.dyndns.org
ip ddns update ccp_ddns1
ip address 173.243.123.123 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
ip nat enable
ip virtual-reassembly
speed 100
full-duplex
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.2.2.1 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 10.2.2.100 10.2.2.254
ip default-gateway 173.243.123.124
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 100
sort-by bytes
cache-timeout 1000
!
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.12 80 interface FastEthernet4 999
!
ip access-list extended DYNDNS
permit tcp host 204.13.248.112 eq 443 any established log
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
ip access-list extended VNC
permit tcp any any eq 999
ip access-list extended kwVNC
remark CCP_ACL Category=1
remark kwVNC
permit tcp any host 10.0.0.19 eq 999
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.2.2.0 0.0.0.255
access-list 2 permit 10.0.0.20
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 10.0.0.21
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 10.0.0.11
access-list 3 permit 10.0.0.15
access-list 4 remark CCP_ACL Category=1
access-list 4 permit 10.0.0.14
access-list 4 permit 10.0.0.16
access-list 10 remark CCP_ACL Category=16
access-list 10 permit 10.0.0.19
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 10.2.2.0 0.0.0.255 any
no cdp run
!
control-plane
!
banner exec ^C
01-24-2011 03:08 AM
Hi,
root@dev-server:~$ ping 4.2.2.1
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
From 10.2.2.1 icmp_seq=1 Destination Net Unreachable
So your router (default gw) can't reach this destination. Can you do a "show ip route 4.2.2.1" on your router?
Regards.
Alain.
01-24-2011 11:19 AM
Hi Alain,
My router can ping the internet fine, just not my Linux box, which is behind the router.
-------------
PureGate#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/22/28 ms
--------------
The strange thing is, all the Windows boxes were okay; the Mac boxes were having stability issues until I took out the "import all" from the DHCP pool below.
------------
ip dhcp pool ccp-pool1
import all <---- REMOVED, helped with the Mac laptops' internet stability issues.
network 10.2.2.0 255.255.255.0
default-router 10.2.2.1 <-- Regarding the default-router, should I put in the router's IP address or the default gateway from the ISP?
dns-server 10.2.2.1 <-- Same question: should I use the router as a DNS server, or use the ISP's DNS server?
domain-name local
01-24-2011 11:32 AM
Hi,
default-router 10.2.2.1 <-- Regarding the default-router, should I put in the router's IP address or the default gateway from the ISP?
dns-server 10.2.2.1 <-- Same question: should I use the router as a DNS server, or use the ISP's DNS server?
For default-router: you must put the router's IP address, because this is the default gateway your machines will use, and it must be in the same subnet as the hosts.
For dns-server: you can give the IP of the ISP's DNS server or the router, but then you must configure your router as a caching DNS server.
Is anything in this DHCP pool above not set up correctly, so that Linux boxes cannot receive DHCP properly?
No, looking at this pool config there is nothing unusual, and your ping proves this box was using the correct default-router.
Could you post the entire running config, as well as the output of ipconfig on Windows and ifconfig on Linux?
Regards.
Alain.
01-24-2011 12:26 PM
Hello Alain,
Here is my entire running config; I really appreciate the help. I have also attached the ipconfig /all of the Windows laptop I am using (internet working), the ifconfig -a of the Linux server (internet not working), and the routing tables for both.
Kuangwei
========= Cisco 861 router ==============
Building configuration...
Current configuration : 16638 bytes
!
! Last configuration change at 12:06:11 PCTime Mon Jan 24 2011 by admin
! NVRAM config last updated at 12:06:28 PCTime Mon Jan 24 2011 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PureGate
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 informational
enable secret 5 asdfasdf
enable password 7 asdfasdf
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1341234
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1234234
revocation-check none
rsakeypair TP-self-signed-12341234
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-asdfasdf
certificate self-signed 01
aasdfasdfasdf
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
!
ip dhcp pool ccp-pool1
network 10.2.2.0 255.255.255.0
default-router 10.2.2.1
dns-server 64.17.248.2
domain-name local
!
!
ip dhcp update dns
ip cef
ip domain name local
ip host local ns ns.local
ip host trac.local 10.2.2.7
ip host ns.local 10.2.2.1
ip host-list members.dyndns.org
ip host-list company.dyndns.org
ip name-server 64.17.248.2
ip name-server 69.38.208.20
ip name-server 64.17.248.20
ip name-server 69.38.208.2
ip ddns update method ccp_ddns1
HTTP
add http://company:password@members.dyndns.org/nic/update?system=dyndns&hostname=password@members.dyndns.org/nic/update?system=dyndns&hostname=
remove http://company:password@members.dyndns.org/nic/update?system=dyndns&hostname=password@members.dyndns.org/nic/update?system=dyndns&hostname=
interval maximum 28 0 0 0
interval minimum 28 0 0 0
!
ip dhcp-client update dns server both
!
!
parameter-map type regex ccp-regex-nonascii
pattern [^\x00-\x80]
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
!
username admin privilege 15 secret 5 adsfasdfa
!
crypto logging ezvpn
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local SDM_POOL_1
!
crypto isakmp client configuration group Company
key adsfsdfasdf
dns 4.2.2.1 4.2.2.2
pool SDM_POOL_1
acl 102
include-local-lan
max-users 100
netmask 255.255.255.0
banner ^CWelcome to Company VPN! Split tunneling is enabled. ^C
!
crypto isakmp profile ciscocp-ike-profile-1
match identity group Company
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip dhcp client update dns server none
ip ddns update hostname members.dyndns.org
ip ddns update ccp_ddns1
ip address 173.243.149.226 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
ip nat enable
ip virtual-reassembly
speed 100
full-duplex
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.2.2.1 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 10.2.2.100 10.2.2.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 100
sort-by bytes
cache-timeout 1000
!
ip dns server
ip dns primary local soa ns.local kwh@pureconduit.com 21600 900 7776000 86400
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.12 80 interface FastEthernet4 999
ip nat inside source static tcp 10.0.0.10 24669 interface FastEthernet4 24669
!
ip access-list extended DYNDNS
permit tcp host 204.13.248.112 eq 443 any established log
ip access-list extended IansBittorrent
remark CCP_ACL Category=256
remark Ian's bittorrent
permit tcp host 10.0.0.222 eq www any eq www
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
ip access-list extended VNC
permit tcp any any eq 999
ip access-list extended kwVNC
remark CCP_ACL Category=1
remark kwVNC
permit tcp any host 10.0.0.19 eq 999
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.2.2.0 0.0.0.255
access-list 2 permit 10.0.0.20
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 10.0.0.21
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 10.0.0.11
access-list 3 permit 10.0.0.15
access-list 4 remark CCP_ACL Category=1
access-list 4 permit 10.0.0.14
access-list 4 permit 10.0.0.16
access-list 10 remark CCP_ACL Category=16
access-list 10 permit 10.0.0.19
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 10.2.2.0 0.0.0.255 any
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
exec-timeout 0 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
========= Linux ifconfig (internet doesn't work) =================
root@dev-server:~$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:26:b9:89:64:de
inet addr:10.2.2.7 Bcast:10.2.2.255 Mask:255.255.255.0
inet6 addr: fe80::226:b9ff:fe89:64de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2635 errors:0 dropped:0 overruns:0 frame:0
TX packets:1024 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:597543 (597.5 KB) TX bytes:450490 (450.4 KB)
Interrupt:16 Memory:da000000-da012800
eth1 Link encap:Ethernet HWaddr 00:26:b9:89:64:df
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17 Memory:dc000000-dc012800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:154 errors:0 dropped:0 overruns:0 frame:0
TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:113695 (113.6 KB) TX bytes:113695 (113.6 KB)
========= Linux routing table (internet doesn't work) ============
root@dev-server:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.2.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.2.2.1 0.0.0.0 UG 0 0 0 eth0
========= Windows ipconfig (Internet Works) ===============
C:\Users\developer>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : developer-THINK
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 58-94-6B-4A-CC-20
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::84f4:4abf:f1ba:3f75%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.2.2.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 24, 2011 11:00:17 AM
Lease Expires . . . . . . . . . . : Monday, January 24, 2011 2:44:00 PM
Default Gateway . . . . . . . . . : 10.2.2.1
173.243.149.225
DHCP Server . . . . . . . . . . . : 255.255.255.255
DHCPv6 IAID . . . . . . . . . . . : 324572267
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-8F-24-77-F0-DE-F1-2F-76-59
DNS Servers . . . . . . . . . . . : 64.17.248.2
NetBIOS over Tcpip. . . . . . . . : Enabled
========= Windows routing table (Internet Works) ============
C:\Users\developer>route print
===========================================================================
Interface List
13...58 94 6b 4a cc 20 ......Intel(R) Centrino(R) Advanced-N 6200 AGN
11...f0 de f1 2f 76 59 ......Intel(R) 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.2.2.1 10.2.2.4 25
0.0.0.0 0.0.0.0 173.243.149.225 10.2.2.4 25
10.2.2.0 255.255.255.0 On-link 10.2.2.4 281
10.2.2.1 255.255.255.255 On-link 10.2.2.4 26
10.2.2.4 255.255.255.255 On-link 10.2.2.4 281
10.2.2.255 255.255.255.255 On-link 10.2.2.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.2.2.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.2.2.4 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:189a:37e4:f5fd:fdfb/128 On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::189a:37e4:f5fd:fdfb/128 On-link
13 281 fe80::84f4:4abf:f1ba:3f75/128 On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
01-24-2011 01:53 PM
Hi,
I'm gonna take a look at it tomorrow.
Regards.
Alain.
01-24-2011 10:38 PM
Still not having any luck, another piece of information on tracepath (Ubuntu version of tracert):
root@dev-server:/etc/dhcp3$ tracepath 4.2.2.1
1: dev-server.local (10.2.2.7) 0.130ms pmtu 1500
1: 10.2.2.1 (10.2.2.1) 0.685ms !N
1: 10.2.2.1 (10.2.2.1) 0.643ms !N
Resume: pmtu 1500
01-25-2011 02:58 AM
I don't see anything in the config that should provoke the symptom you have.
Can you sniff on the Linux box when pinging (and the same on Windows) and also provide the output of the ARP cache on the Linux box, on Windows and on the router (sh ip arp).
Regards.
Alain.
01-25-2011 06:09 AM
I've had the same issue with a Ubuntu box; basically it was holding onto the old default gateway or didn't apply it.
Basically change the network setting for the Ubuntu box from DHCP to manual and enter some settings such as 192.168.1.1 255.255.255.0 def gateway 192.168.1.1, accept this and it will apply your entered settings, then go back in and clear them all off, then change it to DHCP (clear all the settings first) and then apply those settings and your box should pick up the new or changed default gateway.
01-25-2011 02:24 PM
Hi Ian, could you go into a bit more specifics on what you did to fix it?
I changed to static IP assignment (did an ip dhcp excluded-address for an address range), and have the Linux server assign a static IP, dns, default gateway (10.2.2.1) for itself, subnet 255.255.255.0. After rebooting, it still can't ping the internet (ping 4.2.2.1).
However, in the morning when I came back into the office, I was able to ping 4.2.2.1! I thought about your response and thought maybe now the gateway has "unstuck" itself from the previous configuration, and I set it back to DHCP, took out the DHCP excluded address range, and restarted the network interface on the Ubuntu box. However, now I can't ping 4.2.2.1 anymore. I tried rebooting as well, doesn't work. I tried changing it back to static IP, doesn't work either; reboot doesn't work either. Quite frustrating problem. =(
01-25-2011 02:59 PM
It was a test lab I had and I changed the default gateway address on a router, and had
to amend the DHCP. When I did this the Ubuntu box had a new IP in the correct subnet but couldn't ping
a remote router or access the internet.
From the Ubuntu box, I removed all DHCP settings and set the NIC to manual and manually entered a new IP address, subnet mask and default gateway; I then applied this to the box.
I then went back in and cleared these settings so that the IP address, subnet mask and default gateway were blank. I may have hit OK and tried to apply these; I then went back in and made sure all settings were blank, set the NIC to DHCP, applied, and all worked.
The issue was on the Ubuntu box for me; it just kept hold of the old default gateway for some strange reason.
01-25-2011 03:45 PM
So after several reboots on the Ubuntu box as DHCP, I converted it back to static IP. When that didn't work, I hard rebooted the Cisco router, and that fixed it; now I am able to connect to the internet on the Linux box. Since the Linux box is in a production environment, I will keep it running on static IP for now. I have saved all my configs and server settings in case this DHCP issue needs to be revisited in the future.
Thanks all again for help.
01-25-2011 02:31 PM
Hi Alain,
I am not sure what tool to use for sniffing the Linux box (can you let me know?), but I can show you the arp cache now:
Linux box:
root@dev-server:~$ arp -n
Address HWtype HWaddress Flags Mask Iface
10.2.2.33 ether 5c:ac:4c:bf:b6:0f C eth0
10.2.2.55 ether c8:bc:c8:ea:d4:0c C eth0
10.2.2.1 ether 30:46:9a:a1:a1:1c C eth0
10.2.2.4 ether 58:94:6b:4a:cc:20 C eth0
Windows:
C:\Users\khwang>arp -a
Interface: 10.2.2.4 --- 0xd
Internet Address Physical Address Type
10.2.2.1 c4-7d-4f-16-33-58 dynamic
10.2.2.6 58-94-6b-47-c9-10 dynamic
10.2.2.7 00-26-b9-89-64-de dynamic
10.2.2.24 5c-ac-4c-bd-42-5e dynamic
10.2.2.33 5c-ac-4c-bf-b6-0f dynamic
10.2.2.40 5c-ac-4c-bd-01-32 dynamic
10.2.2.43 1c-c1-de-12-37-42 dynamic
10.2.2.44 00-26-ab-54-9d-91 dynamic
10.2.2.45 5c-ac-4c-bd-42-5a dynamic
10.2.2.47 c0-cb-38-44-ed-47 dynamic
10.2.2.49 00-26-bb-0e-cb-5c dynamic
10.2.2.54 00-26-bb-0e-cb-5c dynamic
10.2.2.55 c8-bc-c8-ea-d4-0c dynamic
10.2.2.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
01-26-2011 12:31 AM
Hi,
to sniff traffic on the Linux box use tcpdump.
Looking at your arp caches you haven't got the same mapping for 10.2.2.1 on linux and windows.
On windows the MAC is the MAC address of the Cisco router but on the linux box it corresponds to a netgear box.
Regards.
Alain.
01-26-2011 01:10 AM
Oh wow, you are right! The previous gateway was a netgear, I guess that arp cache got stuck in there. How do you properly clear the arp cache on a linux box to ensure this doesn't happen again?
Thanks again for root causing this.
Cheers,
Kuangwei
01-26-2011 01:24 AM
arp -d 10.2.2.1 should do the trick.
Regards.
Alain.
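The diagnosis above (compare the ARP caches of two hosts on the same segment and look for an IP that resolves to two different MACs) and the fix (drop the stale neighbour entry) can be scripted so the check is not done by eye. The following is an added example, not code from the thread; it parses pasted Linux `arp -n` and Windows `arp -a` output, reports IPs whose MAC differs between hosts, and checks the gateway entry against the router's MAC. The sample caches are constructed from trimmed copies of the outputs posted above, and the "known router MAC" is an assumption taken from the Windows entry that Alain identified as the Cisco; on a real router confirm it with `show interfaces` on the LAN-side interface. The same gateway-MAC mismatch is also what an ARP-spoofed segment looks like, so the check is worth keeping around beyond this one incident.

```python
"""Compare ARP caches from several hosts and flag IPs that map to more than one MAC."""
import re
from collections import defaultdict

# Constructed sample inputs, trimmed from the outputs posted in the thread.
LINUX_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.2.2.33                ether   5c:ac:4c:bf:b6:0f   C                     eth0
10.2.2.1                 ether   30:46:9a:a1:a1:1c   C                     eth0
10.2.2.4                 ether   58:94:6b:4a:cc:20   C                     eth0
"""

WINDOWS_ARP = """\
Interface: 10.2.2.4 --- 0xd
  Internet Address      Physical Address      Type
  10.2.2.1              c4-7d-4f-16-33-58     dynamic
  10.2.2.7              00-26-b9-89-64-de     dynamic
  10.2.2.33             5c-ac-4c-bf-b6-0f     dynamic
  10.2.2.255            ff-ff-ff-ff-ff-ff     static
"""

# Assumption: the Cisco's LAN MAC, taken from the Windows cache entry the thread
# identifies as the router. Verify with `show interfaces` on the real device.
ROUTER_MAC = "c4-7d-4f-16-33-58"
GATEWAY_IP = "10.2.2.1"

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})\b")


def normalise_mac(mac):
    """Lower-case, colon-separated, so Windows and Linux notation compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp(text):
    """Return {ip: mac} from Linux `arp -n` or Windows `arp -a` output.

    Header lines and Windows "Interface:" lines carry no MAC and are skipped.
    """
    table = {}
    for line in text.splitlines():
        ip = IP_RE.search(line)
        mac = MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = normalise_mac(mac.group(1))
    return table


def find_conflicts(caches):
    """caches: {host: {ip: mac}}. Return {ip: {host: mac}} for every IP that
    resolves to more than one distinct MAC across the supplied hosts."""
    by_ip = defaultdict(dict)
    for host, table in caches.items():
        for ip, mac in table.items():
            by_ip[ip][host] = mac
    return {ip: hosts for ip, hosts in by_ip.items() if len(set(hosts.values())) > 1}


def gateway_matches(cache, gateway_ip, router_mac):
    """True when this host's cache maps the gateway IP to the router's real MAC."""
    return cache.get(gateway_ip) == normalise_mac(router_mac)


def main():
    caches = {"linux": parse_arp(LINUX_ARP), "windows": parse_arp(WINDOWS_ARP)}
    for ip, hosts in find_conflicts(caches).items():
        print(f"{ip} resolves to different MACs: {hosts}")
    for host, cache in caches.items():
        ok = gateway_matches(cache, GATEWAY_IP, ROUTER_MAC)
        print(f"{host}: gateway entry {'OK' if ok else 'STALE or WRONG'}")
        if not ok and host == "linux":
            # Either command drops the stale neighbour; the next packet re-ARPs.
            print(f"  fix: arp -d {GATEWAY_IP}   (or: ip neigh del {GATEWAY_IP} dev eth0)")


if __name__ == "__main__":
    main()
```

Run it against real caches by replacing the two constructed strings with the pasted output of `arp -n` and `arp -a`; a host whose gateway entry is flagged is the one to clear with `arp -d`, after which a single ping forces a fresh ARP request and the entry should come back with the router's MAC.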