From owner-freebsd-questions Thu Feb 15 21:31:52 2001
From: "tmoore"
Subject: RE: Arp error - differant from the ones in the archives
Date: Fri, 16 Feb 2001 00:26:51 -0500
In-Reply-To: <20010215212537.Z62368@rfx-216-196-73-168.users.reflex>
Sender: owner-freebsd-questions@FreeBSD.ORG

I get the errors, and I do have two nics from one machine. Is there a way
to fix the problem besides just using a single nic?

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Crist J. Clark
Sent: Friday, February 16, 2001 12:26 AM
To: Chip
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Arp error - differant from the ones in the archives

On Thu, Feb 15, 2001 at 05:26:39PM -0800, Chip wrote:
> I have an arp error occurring on my firewall as follows:
>
> /kernel: arp:xxx.xxx.xxx.xx is on xl0 but got reply from
> xx:xx:xx:xx:xx:xx on ep1
>
> The firewall has two nics -
> xl0 is connected to the hub
> ep1 is connected to the dsl modem
>
> The inside network is the 192.168.0.x series served up
> from a NT dhcp server.
> The firewall xl0 nic has a static address of 192.168.0.1
> the other boxes on the network are all dhcp, some are
> freebsd, some win95, some win98.
> The firewall ep1 nic has static address provided by the
> isp.
> The arp error has shown several different nic IP addresses
> in the first part of the message - xxx.xxx.xxx.xx on xl0 etc
>
> How do I troubleshoot this one? It appears to be preventing
> natd from working, is that possible? Because natd quit
> working about the time these started.

These messages are usually associated with someone plugging two NICs
off of the same machine into a hub. This does not sound like your
problem. In your case, it sounds like someone else with a broken setup
like that is leaking RFC1918 addresses out onto your DSL network.

This really should not break NAT, and you should have anti-spoofing
rules on the external interface (don't let anything in that interface
with a source of your internal net) nor should you be letting in
traffic not destined for the IP address on the external interface.

Since someone else is likely generating the noise, there is not a lot
you can do about it. You might try to choose a less obvious block than
192.168.0.0/24 inside of the 192.168.0.0/16 group.
--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
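
A way to sort these kernel messages, added here as an example and not part of the original thread: the Python below parses the arp mismatch lines and groups them by the replying MAC address, marking the case where an address from the inside network is answered for on the external interface. The 192.168.0.0/24 network and the xl0/ep1 names come from the thread; the log lines, timestamps, host name and MAC addresses are constructed.

```python
import ipaddress
import re

# Inside network and interface names are taken from the thread; the log
# lines are constructed samples (the original post masks its addresses).
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")
INSIDE_IF, OUTSIDE_IF = "xl0", "ep1"

ARP_RE = re.compile(
    r"arp:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<known>\w+) "
    r"but got reply from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"on (?P<seen>\w+)",
    re.IGNORECASE,
)

SAMPLE_LOG = """\
Feb 15 17:20:01 fw /kernel: arp: 192.168.0.23 is on xl0 but got reply from 00:a0:c9:11:22:33 on ep1
Feb 15 17:20:09 fw /kernel: arp:192.168.0.40 is on xl0 but got reply from 00:A0:C9:11:22:33 on ep1
Feb 15 17:21:30 fw /kernel: xl0: promiscuous mode enabled
Feb 15 17:22:02 fw /kernel: arp: 192.168.0.23 is on ep1 but got reply from 00:10:4b:44:55:66 on xl0
"""


def classify(ip, known_if, seen_if):
    """Label one ARP interface-mismatch event from the firewall's view."""
    if ip in INSIDE_NET and known_if == INSIDE_IF and seen_if == OUTSIDE_IF:
        # An inside address answered for on the outside wire: the case
        # the anti-spoofing rules on the external interface cover.
        return "inside-address-seen-outside"
    return "other-mismatch"


def summarize(log_text):
    """Group mismatch events by replying MAC: {mac: {label: [ips]}}."""
    report = {}
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue  # not an ARP mismatch message
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        label = classify(ip, m["known"], m["seen"])
        ips = report.setdefault(m["mac"].lower(), {}).setdefault(label, [])
        if str(ip) not in ips:
            ips.append(str(ip))
    return report
```

One MAC on the outside interface answering for several inside addresses matches the leak described in the reply; the anti-spoofing rules on the external interface are what keep that traffic from being accepted.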