Date:      Thu, 25 Aug 2005 11:09:47 -0700 (PDT)
From:      Colin Dick <cdick@mail.ocis.net>
To:        lug@lug.kamloops.net, freebsd-ipfw@freebsd.org
Subject:   Differences is arp requests FreeBSD vs Linux
Message-ID:  <Pine.LNX.4.58.0508251046370.29432@mail.ocis.net>

Hey all,
	My problem with my router dropping packets when moving to FreeBSD
4.11 from Linux appears to be related to arp.  This router sits between my
network and the upstream ADSL whole-sale ports.  I had thought that the
upstream's Cisco was not advertising the customer local arps but that does
not appear to be the case.  It must have been a (?broken?) function of
Linux.

	When I grep the who-has arp entries from tcpdump on Linux, I only
see addresses to or from the sub-interfaces (gateways) of the box.
	When I grep the who-has arp entries from FreeBSD, I see the end
users' local arps as well.  With viruses and vulnerabilities the way they
are, this increase in arps seems to be causing errors on the Cisco.

	I used ipfw to shut down particular 'problem' users and block
some udp ports (1434, 1026, 1027) which seems to help a bit, but I still
couldn't stabilize.  I had to go back to Linux.

	So, my question is, what can be done to silently discard the
customer local arps or emulate the way the Linux router is functioning
with ipfw? Is there a kernel opt that I can set at bootup?  Am I on the 
wrong track entirely?

	Thanks in advance for any feedback.  I am looking forward to 
getting this router replaced.

--
Colin


