Date:      Fri, 16 Feb 2001 11:18:41 -0800
From:      Chip <chip@wiegand.org>
To:        cjclark@alum.mit.edu
Cc:        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Arp error - differant from the ones in the archives
Message-ID:  <3A8D7D11.BF4C0A5E@wiegand.org>
References:  <3A8C81CF.A76A0B52@wiegand.org> <20010215212537.Z62368@rfx-216-196-73-168.users.reflex>

Thank you for the help, I changed the ip address scheme
to 192.168.1.xx, and am no longer getting the arp messages.
I appreciate the help.

--
Chip


"Crist J. Clark" wrote:
> 
> On Thu, Feb 15, 2001 at 05:26:39PM -0800, Chip wrote:
> > I have an arp error occurring on my firewall as follows:
> >
> > /kernel: arp:xxx.xxx.xxx.xx is on xl0 but got reply from
> > xx:xx:xx:xx:xx:xx on ep1
> >
> > The firewall has two nics -
> > xl0 is connected to the hub
> > ep1 is connected to the dsl modem
> >
> > The inside network is the 192.168.0.x series served up
> > from a NT dhcp server.
> > The firewall xl0 nic has a static address of 192.168.0.1
> > the other boxes on the network are all dhcp, some are
> > freebsd, some win95, some win98.
> > The firewall ep1 nic has static address provided by the
> > isp.
> > The arp error has shown several different nic ipaddresses
> > in the first part of the message - xxx.xxx.xxx.xx on xl0 etc
> >
> > How do I troubleshoot this one? It appears to be preventing
> > natd from working, is that possible? Because natd quit
> > working about the time these started.
> 
> These messages are usually associated with someone plugging two NICs
> off of the same machine into a hub. This does not sound like your
> problem. In your case, it sounds like someone else with a broken setup
> like that is leaking RFC1918 addresses out onto your DSL network.
> 
> This really should not break NAT, and you should have anti-spoofing
> rules on the external interface (don't let anything in that interface
> with a source of your internal net) nor should you be letting in
> traffic not destined for the IP address on the external interface.
> 
> Since someone else is likely generating the noise, there is not a lot
> you can do about it. You might try to choose a less obvious block than
> 192.168.0.0/24 inside of the 192.168.0.0/16 group.
> --
> Crist J. Clark                           cjclark@alum.mit.edu
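
An added example, not part of the original messages: a log check for the case discussed in this thread, where ARP replies claiming inside-network addresses arrive on the outside interface. It groups the kernel messages by sender MAC so a single noisy outside host stands out. The sample log lines (timestamps, hostname, addresses, MACs) are constructed, and `find_outside_leaks` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the message format quoted in the thread; all values are made up.
SAMPLE_LOG = """\
Feb 15 17:01:12 fw /kernel: arp: 192.168.0.23 is on xl0 but got reply from 00:a0:c9:11:22:33 on ep1
Feb 15 17:01:40 fw /kernel: arp: 192.168.0.57 is on xl0 but got reply from 00:a0:c9:11:22:33 on ep1
Feb 15 17:02:05 fw /kernel: arp: 192.168.0.23 is on xl0 but got reply from 00:a0:c9:11:22:33 on ep1
Feb 15 17:03:30 fw /kernel: arp: 192.168.0.9 is on ep1 but got reply from 00:50:04:aa:bb:cc on xl0
Feb 15 17:04:00 fw /kernel: xl0: promiscuous mode enabled
"""

ARP_RE = re.compile(
    r"arp:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<expected>\w+) "
    r"but got reply from (?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}) on (?P<seen>\w+)"
)

def find_outside_leaks(log_text, inside_net, inside_if, outside_if):
    """Count ARP replies that claim an inside address but arrived on the outside NIC.

    Returns {mac: Counter({ip: hits})}, one entry per outside sender.
    """
    net = ipaddress.ip_network(inside_net)
    leaks = {}
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # digits matched but not a valid IPv4 address
        # Only the direction from the thread: inside address, reply seen outside.
        if ip in net and m["expected"] == inside_if and m["seen"] == outside_if:
            leaks.setdefault(m["mac"].lower(), Counter())[str(ip)] += 1
    return leaks

if __name__ == "__main__":
    found = find_outside_leaks(SAMPLE_LOG, "192.168.0.0/24", "xl0", "ep1")
    for mac, ips in found.items():
        print(f"{mac} on ep1 claimed {len(ips)} inside address(es): {dict(ips)}")
```

Running the same check with the renumbered inside network (192.168.1.0/24) against the same log returns nothing, which matches the outcome reported at the top of the message.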

