Date: Wed, 3 Jan 2001 13:47:45 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl> Cc: freebsd-questions@freebsd.org Subject: Re: Arp messages, probably nothing to worry about... Message-ID: <20010103134745.A12102@rfx-64-6-211-149.users.reflexco> In-Reply-To: <005001c0756c$9377e5c0$04470096@C01076>; from gert.de.weert@travelunie.nl on Wed, Jan 03, 2001 at 11:04:35AM %2B0100 References: <003301c0755c$1d3f42a0$04470096@C01076> <20010103013334.C95729@rfx-64-6-211-149.users.reflexco> <005001c0756c$9377e5c0$04470096@C01076>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 03, 2001 at 11:04:35AM +0100, Weert de G.H. Gert wrote: > > ----- Original Message ----- > From: "Crist J. Clark" <cjclark@reflexnet.net> > To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl> > Cc: <freebsd-questions@FreeBSD.ORG> > Sent: Wednesday, January 03, 2001 10:33 AM > Subject: Re: Arp messages, probably nothing to worry about... > > > > On Wed, Jan 03, 2001 at 09:06:45AM +0100, Weert de G.H. Gert wrote: [snip] > > > Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got > > > reply from 00 > > > :10:5a:dc:21:cb on ep1 > > > > Since the MAC address is different from the one off of ep0 and also > > different from the next one, my best guess is some other luzer on > > your LAN has plugged his "private" network into a hub along with the > > connection to his cable modem. His "private" network is part of the > > public LAN. > > Ok. But I have a couple of firewallrules to block this. At least I > thought it is. > > # Stop RFC1918 nets on the outside interface > /sbin/ipfw add 200 deny all from 192.168.0.0/16 to any in via ep1 > /sbin/ipfw add 210 deny all from 172.16.0.0/12 to any in via ep1 > /sbin/ipfw add 220 deny all from 10.0.0.0/8 to any in via ep1 > # These will have no impact on your ARP messages. ipfw works, as the name suggests, at the IP layer. ARP is a link layer protocol. It is processed in the kernel before it gets to the firewall. This is not a bug. [snip] > > > ; ------------------------------ > > > [root@obelix] /var/log # arp -a > > > obelix.wnw.org (192.168.1.1) at 0:50:4:1a:ab:a0 permanent > [ethernet] > > > asterix.wnw.org (192.168.1.2) at (incomplete) [ethernet] > > > idefix.wnw.org (192.168.1.3) at 0:60:8c:df:c5:2 [ethernet] > > > ? (192.168.1.255) at ff:ff:ff:ff:ff:ff permanent [ethernet] > > > ? (213.51.104.1) at 0:50:f:a9:a0:1c [ethernet] > > > > And this MAC is different from the two above. Looks like your cable > > modem is acting like a real bridge. What kind is it? > > It's a (standard) com21 cable modem. Which one from: http://www.com21.com/products/cable_modems/index.htm If you don't mind my curiosity. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010103134745.A12102>