From: Chip
Date: Fri, 16 Feb 2001 11:18:41 -0800
To: cjclark@alum.mit.edu
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: Arp error - differant from the ones in the archives
Message-ID: <3A8D7D11.BF4C0A5E@wiegand.org>
References: <3A8C81CF.A76A0B52@wiegand.org> <20010215212537.Z62368@rfx-216-196-73-168.users.reflex>

Thank you for the help, I changed the ip address scheme to 192.168.1.xx,
and am no longer getting the arp messages. I appreciate the help.
--
Chip

"Crist J. Clark" wrote:
>
> On Thu, Feb 15, 2001 at 05:26:39PM -0800, Chip wrote:
> > I have an arp error occurring on my firewall as follows:
> >
> > /kernel: arp:xxx.xxx.xxx.xx is on xl0 but got reply from
> > xx:xx:xx:xx:xx:xx on ep1
> >
> > The firewall has two nics -
> > xl0 is connected to the hub
> > ep1 is connected to the dsl modem
> >
> > The inside network is the 192.168.0.x series served up
> > from a NT dhcp server.
> > The firewall xl0 nic has a static address of 192.168.0.1
> > the other boxes on the network are all dhcp, some are
> > freebsd, some win95, some win98.
> > The firewall ep1 nic has static address provided by the
> > isp.
> > The arp error has shown several different nic ipaddresses
> > in the first part of the message - xxx.xxx.xxx.xx on xl0 etc
> >
> > How do I troubleshoot this one? It appears to be preventing
> > natd from working, is that possible? Because natd quit
> > working about the time these started.
>
> These messages are usually associated with someone plugging two NICs
> off of the same machine into a hub. This does not sound like your
> problem. In your case, it sounds like someone else with a broken setup
> like that is leaking RFC1918 addresses out onto your DSL network.
>
> This really should not break NAT, and you should have anti-spoofing
> rules on the external interface (don't let anything in that interface
> with a source of your internal net) nor should you be letting in
> traffic not destined for the IP address on the external interface.
>
> Since someone else is likely generating the noise, there is not a lot
> you can do about it. You might try to choose a less obvious block than
> 192.168.0.0/24 inside of the 192.168.0.0/16 group.
> --
> Crist J. Clark cjclark@alum.mit.edu
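
The two checks recommended in the quoted reply, written out as ipfw rules. This is an added example, not part of the original thread: the /24 inside mask, the placeholder external address 203.0.113.10, the rule numbers and the function name are assumptions, and it goes one step beyond the reply by also dropping the other RFC 1918 source blocks on the outside interface.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (dry run) or installs ipfw rules
# for the two checks in the reply: no inside/private sources arriving on the
# outside NIC, and nothing arriving there unless addressed to its own IP.
# Assumed: rule numbers 40+ are lower than the natd divert rule, so the
# destination check sees the packet before natd rewrites it to an inside host.

FWCMD="${FWCMD:-echo ipfw}"   # dry run by default; FWCMD=/sbin/ipfw installs

# RFC 1918 blocks. Assumes the ISP-assigned address is not inside any of them.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# antispoof_rules <ext_if> <inside_net> <ext_ip> [first_rule_number]
antispoof_rules() {
    oif=$1 inet=$2 oip=$3 n=${4:-40}
    [ -n "$oif" ] && [ -n "$inet" ] && [ -n "$oip" ] || {
        echo "usage: antispoof_rules ext_if inside_net ext_ip [rule_no]" >&2
        return 1
    }
    # 1. Source check: inside or other private sources on the outside NIC.
    for net in $inet $RFC1918; do
        $FWCMD add "$n" deny all from "$net" to any in via "$oif" || return 1
        n=$((n + 1))
    done
    # 2. Destination check: only traffic addressed to the external IP gets in.
    #    This also drops broadcasts, which is fine for a static outside address.
    $FWCMD add "$n" deny all from any to not "$oip" in via "$oif"
}

# ep1 is the outside NIC named in the thread; the other values are constructed.
antispoof_rules ep1 192.168.1.0/24 203.0.113.10
```

These rules act on IP packets only; the `arp:` line is logged by the kernel's ARP code and is not affected by them.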