From: Doug Hardie
Date: Tue, 25 Jan 2005 12:07:19 -0800
To: freebsd-stable@freebsd.org
Subject: Re: NIC acting promiscuously -- how to fix?

> On Tue, Jan 25, 2005 at 10:43:01AM -0800, Rich Wales wrote:
>> I'm running 5.3-RELEASE-p5 on a system that is functioning as a
>> NAT router/firewall using "pf". It works just fine, but . . . .
>>
>> The external (Internet) network connection is giving me incoming
>> traffic addressed to other users all over my neighborhood (not
>> just the packets intended for me). The external NIC (an Accton
>> MPX 5030/5038, handled via the "rl" driver) appears to be running
>> promiscuously; it's accepting all these incoming packets, whether
>> addressed to me or not.

How are you determining that? If you are using tcpdump without the -p
then keep in mind it will put the interface into promiscuous mode and
you will see everything on the network regardless of who it's addressed
to. To verify what your interface is accepting use:

    tcpdump -pei rl0

That will show the packets that it accepts including the ethernet
headers. Those headers should all have your MAC address in them (send
or receive).
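
An added example, not part of the original message: a small classifier for the lines that `tcpdump -pei rl0` prints, which sorts each frame by whether its Ethernet header carries the local MAC address. It goes slightly beyond the message by also treating broadcast and multicast destinations as frames a non-promiscuous interface accepts. The function names, the MAC addresses and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}"
# Link-level part of a `tcpdump -e` line: "<src MAC> > <dst MAC>,"
FRAME_RE = re.compile(rf"\s({MAC}) > ({MAC}),")

def norm(mac):
    """Lower-case and zero-pad each octet so 2:0:0:0:0:1 equals 02:00:00:00:00:01."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def classify(line, my_mac):
    """Say why a non-promiscuous NIC would accept the frame, or 'foreign'."""
    m = FRAME_RE.search(line)
    if not m:
        return "unparsed"
    src, dst, me = norm(m.group(1)), norm(m.group(2)), norm(my_mac)
    if src == me:
        return "sent"
    if dst == me:
        return "unicast-to-me"
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:  # group bit of the first octet marks multicast
        return "multicast"
    return "foreign"  # unicast to another station: should not be accepted

def summarize(lines, my_mac):
    """Count frames per class and collect the foreign ones for inspection."""
    counts, foreign = Counter(), []
    for line in lines:
        kind = classify(line, my_mac)
        counts[kind] += 1
        if kind == "foreign":
            foreign.append(line)
    return counts, foreign

# Constructed sample: placeholder MACs (locally administered), documentation IPs.
MY_MAC = "02:00:00:00:00:01"
SAMPLE = [
    "12:07:19.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.10.49152 > 198.51.100.7.80: tcp 0",
    "12:07:19.000002 02:00:00:00:00:fe > 2:0:0:0:0:1, ethertype IPv4 (0x0800), length 74: 198.51.100.7.80 > 192.0.2.10.49152: tcp 0",
    "12:07:19.000003 02:00:00:00:00:fe > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.0.2.10 tell 192.0.2.1",
    "12:07:19.000004 02:00:00:00:00:fe > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.0.2.1 > 224.0.0.1: igmp query",
    "12:07:19.000005 02:00:00:00:00:fe > 02:00:00:00:00:77, ethertype IPv4 (0x0800), length 74: 198.51.100.7.80 > 192.0.2.99.50000: tcp 0",
]

if __name__ == "__main__":
    counts, foreign = summarize(SAMPLE, MY_MAC)
    print(dict(counts))
    for line in foreign:
        print("NOT FOR ME:", line)
```

A non-zero "foreign" count on output captured with `-p` means the interface accepted unicast frames addressed to another station.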