Date: Thu, 15 Feb 2001 21:25:37 -0800
From: "Crist J. Clark"
Reply-To: cjclark@alum.mit.edu
To: Chip
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: Arp error - differant from the ones in the archives
Message-ID: <20010215212537.Z62368@rfx-216-196-73-168.users.reflex>
References: <3A8C81CF.A76A0B52@wiegand.org>
In-Reply-To: <3A8C81CF.A76A0B52@wiegand.org>; from chip@wiegand.org on Thu, Feb 15, 2001 at 05:26:39PM -0800

On Thu, Feb 15, 2001 at 05:26:39PM -0800, Chip wrote:
> I have an arp error occurring on my firewall as follows:
>
> /kernel: arp:xxx.xxx.xxx.xx is on xl0 but got reply from
> xx:xx:xx:xx:xx:xx on ep1
>
> The firewall has two nics -
> xl0 is connected to the hub
> ep1 is connected to the dsl modem
>
> The inside network is the 192.168.0.x series served up
> from a NT dhcp server.
> The firewall xl0 nic has a static address of 192.168.0.1
> the other boxes on the network are all dhcp, some are
> freebsd, some win95, some win98.
> The firewall ep1 nic has static address provided by the
> isp.
> The arp error has shown several different nic ipaddresses
> in the first part of the message - xxx.xxx.xxx.xx on xl0 etc
>
> How do I troubleshoot this one? It appears to be preventing
> natd from working, is that possible? Because natd quit
> working about the time these started.

These messages are usually associated with someone plugging two NICs
off of the same machine into a hub. This does not sound like your
problem. In your case, it sounds like someone else with a broken setup
like that is leaking RFC1918 addresses out onto your DSL network.

This really should not break NAT, and you should have anti-spoofing
rules on the external interface (don't let anything in that interface
with a source of your internal net) nor should you be letting in
traffic not destined for the IP address on the external interface.

Since someone else is likely generating the noise, there is not a lot
you can do about it. You might try to choose a less obvious block than
192.168.0.0/24 inside of the 192.168.0.0/16 group.
-- 
Crist J. Clark                                cjclark@alum.mit.edu
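The two ingress rules the reply recommends, plus a parser for the kernel arp messages quoted in the question, as an added example that is not part of the original thread. The interface names and the 192.168.0.0/24 block come from the thread; the external IP (a TEST-NET-3 placeholder), the offending MAC addresses and the log lines are constructed. The ipfw lines in the comments are the equivalent rules on a FreeBSD firewall of that era.

```python
# Added example, not from the thread: model the anti-spoofing ingress policy
# for the two-NIC firewall and count which internal addresses are being
# answered for from the DSL side.
import re
from collections import Counter
from ipaddress import ip_address, ip_network

EXTERNAL_IF = "ep1"                          # DSL side, from the thread
INTERNAL_NET = ip_network("192.168.0.0/24")  # xl0 side, from the thread
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXTERNAL_IP = ip_address("203.0.113.7")      # assumed placeholder, not the real ISP address

# Matches "/kernel: arp:<ip> is on <if> but got reply from <mac> on <if>"
ARP_RE = re.compile(
    r"arp:\s*(?P<ip>\d+\.\d+\.\d+\.\d+) is on (?P<good>\w+) but got reply from "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) on (?P<bad>\w+)")

def leaked_arp_replies(lines):
    """Count arp-conflict messages per (MAC, claimed IP) for replies that
    arrived on the external interface and claim an address in our block.
    The MAC identifies the neighbour whose setup is leaking."""
    hits = Counter()
    for line in lines:
        m = ARP_RE.search(line)
        if m and m["bad"] == EXTERNAL_IF and ip_address(m["ip"]) in INTERNAL_NET:
            hits[(m["mac"].lower(), m["ip"])] += 1
    return hits

def check_inbound(iface, src, dst):
    """Verdict for a packet arriving inbound on `iface`, applying the two
    rules from the reply. Only the external interface is filtered here."""
    src, dst = ip_address(src), ip_address(dst)
    if iface != EXTERNAL_IF:
        return "allow"
    # ipfw add deny ip from 192.168.0.0/24 to any in via ep1  (and the other RFC1918 blocks)
    if any(src in net for net in RFC1918):
        return "deny"
    # ipfw add deny ip from any to not me in via ep1
    if dst != EXTERNAL_IP:
        return "deny"
    return "allow"

SAMPLE_LOG = [  # constructed lines in the format quoted in the question
    "Feb 15 17:20:01 fw /kernel: arp: 192.168.0.23 is on xl0 but got reply from 00:a0:c9:12:34:56 on ep1",
    "Feb 15 17:20:09 fw /kernel: arp: 192.168.0.23 is on xl0 but got reply from 00:a0:c9:12:34:56 on ep1",
    "Feb 15 17:21:44 fw /kernel: arp: 192.168.0.7 is on xl0 but got reply from 00:a0:c9:12:34:56 on ep1",
    "Feb 15 17:22:00 fw /kernel: arp: 10.1.1.5 is on xl0 but got reply from 00:50:04:aa:bb:cc on ep1",
]

if __name__ == "__main__":
    for (mac, ip), n in leaked_arp_replies(SAMPLE_LOG).items():
        print(f"{mac} answered for {ip} on {EXTERNAL_IF} {n}x")
    print(check_inbound("ep1", "192.168.0.23", "203.0.113.7"))  # deny
```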