Date: Thu, 4 Jan 2001 08:31:23 +0100
From: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
To: <cjclark@alum.mit.edu>
Cc: <freebsd-questions@freebsd.org>
Subject: Re: Arp messages, probably nothing to worry about...
Message-ID: <000d01c07620$56d36720$04470096@C01076>
References: <003301c0755c$1d3f42a0$04470096@C01076> <20010103013334.C95729@rfx-64-6-211-149.users.reflexco> <005001c0756c$9377e5c0$04470096@C01076> <20010103134745.A12102@rfx-64-6-211-149.users.reflexco>

----- Original Message -----
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
Cc: <freebsd-questions@freebsd.org>
Sent: Wednesday, January 03, 2001 10:47 PM
Subject: Re: Arp messages, probably nothing to worry about...

> On Wed, Jan 03, 2001 at 11:04:35AM +0100, Weert de G.H. Gert wrote:
> >
> > ----- Original Message -----
> > From: "Crist J. Clark" <cjclark@reflexnet.net>
> > To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
> > Cc: <freebsd-questions@FreeBSD.ORG>
> > Sent: Wednesday, January 03, 2001 10:33 AM
> > Subject: Re: Arp messages, probably nothing to worry about...
> >
> >
> > > On Wed, Jan 03, 2001 at 09:06:45AM +0100, Weert de G.H. Gert wrote:
> > [snip]
> > > > Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:10:5a:dc:21:cb on ep1
> > >
> > > Since the MAC address is different from the one off of ep0 and also
> > > different from the next one, my best guess is some other luzer on
> > > your LAN has plugged his "private" network into a hub along with the
> > > connection to his cable modem. His "private" network is part of the
> > > public LAN.
> >
> > Ok. But I have a couple of firewall rules to block this. At least I
> > thought it is.
> >
> > # Stop RFC1918 nets on the outside interface
> > /sbin/ipfw add 200 deny all from 192.168.0.0/16 to any in via ep1
> > /sbin/ipfw add 210 deny all from 172.16.0.0/12 to any in via ep1
> > /sbin/ipfw add 220 deny all from 10.0.0.0/8 to any in via ep1
> > #
>
> These will have no impact on your ARP messages. ipfw works, as the
> name suggests, at the IP layer. ARP is a link layer protocol. It is
> processed in the kernel before it gets to the firewall. This is not a
> bug.

Ok, arp messages are processed before they hit the firewall. These rules do not have any impact on arp messages.

> [snip]
> > > > ; ------------------------------
> > > > [root@obelix] /var/log # arp -a
> > > > obelix.wnw.org (192.168.1.1) at 0:50:4:1a:ab:a0 permanent [ethernet]
> > > > asterix.wnw.org (192.168.1.2) at (incomplete) [ethernet]
> > > > idefix.wnw.org (192.168.1.3) at 0:60:8c:df:c5:2 [ethernet]
> > > > ? (192.168.1.255) at ff:ff:ff:ff:ff:ff permanent [ethernet]
> > > > ? (213.51.104.1) at 0:50:f:a9:a0:1c [ethernet]
> > >
> > > And this MAC is different from the two above. Looks like your cable
> > > modem is acting like a real bridge. What kind is it?
> >
> > It's a (standard) com21 cable modem.
>
> Which one from:
>
> http://www.com21.com/products/cable_modems/index.htm

I think I'm using a 'comport2000'.

> If you don't mind my curiosity.
> --
> Crist J. Clark cjclark@alum.mit.edu

Cheers,

Gert de Weert

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message