Date: Thu, 25 Aug 2005 11:09:47 -0700 (PDT)
From: Colin Dick <cdick@mail.ocis.net>
To: lug@lug.kamloops.net, freebsd-ipfw@freebsd.org
Subject: Differences is arp requests FreeBSD vs Linux
Message-ID: <Pine.LNX.4.58.0508251046370.29432@mail.ocis.net>

Hey all,

My problem with my router dropping packets when moving to FreeBSD 4.11 from Linux appears to be related to arp. This router sits between my network and the upstream ADSL wholesale ports.

I had thought that the upstream's Cisco was not advertising the customer local arps but that does not appear to be the case. It must have been a (?broken?) function of Linux.

When I grep the who-has arp entries from tcpdump on Linux, I only see addresses to or from the sub-interfaces (gateways) of the box. When I grep the who-has arp entries from FreeBSD, I see the end users' local arps as well.

With viruses and vulnerabilities the way they are, this increase in arps seems to be causing errors on the Cisco. I used ipfw to shut down particular 'problem' users and block some udp ports (1434, 1026, 1027), which seems to help a bit, but I still couldn't stabilize. I had to go back to Linux.

So, my question is, what can be done to silently discard the customer local arps or emulate the way the Linux router is functioning with ipfw? Is there a kernel opt that I can set at bootup? Am I on the wrong track entirely?

Thanks in advance for any feedback. I am looking forward to getting this router replaced.

--
Colin