Date:      Wed, 10 Aug 2005 17:07:27 +0400
From:      Steve Langdon <steve.langdon@mail.ru>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-net@freebsd.org
Subject:   Stranges with ARP
Message-ID:  <E1E2qIp-000NEB-00.steve-langdon-mail-ru@f24.mail.ru>

Hello all.

Help me solve some strange behavior.
I want to have a permanent IP->MAC bundle for users in our network to have some security. So, once my user's MAC doesn't appear in my ARP table, I have to block his IP by ``arp -S ..' with a MAC generated by my script with the prefix d1:fa:28.

One day I had a phone conversation with my user; he complained about slow Internet speed. When I checked his IP I felt terrible :)

tcpdump: listening on rl0
18:48:11.339543 213.238.62.65.80 > 192.168.57.90.1072: . 2091947455:2091948915(1460) ack 140637902 win 7441 (DF) [tos 0x60] 
^C
561 packets received by filter
0 packets dropped by kernel

Traffic comes to that user!

root@router:~ % arp -a | grep -w 192.168.57.90
? (192.168.57.90) at d1:fa:28:ec:87:98 on rl0 permanent [ethernet]
root@router:~ %

While the user is blocked by _our_ generated MAC! Btw, could anyone advise me how to block a user's IP without touching ipfw (I am thinking of using route + ``-blackhole' for a user whose MAC is not in my ARP table)? Any ideas?


root@router:~ % arping 192.168.57.90
ARPING 192.168.57.90
60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=0 time=2.724 msec
60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=1 time=9.966 msec
^C
--- 192.168.57.90 statistics ---
2 packets transmitted, 2 packets received,   0% unanswered
root@router:~ %

His real MAC is 00:00:f0:87:4b:ca. I can't believe this could be. What's wrong?
As I understand it, all traffic must be transmitted to d1:fa:28:ec:87:98, NOT to 00:00:f0:87:4b:ca, and the user's NIC must ignore that packet unless his interface is in PROMISC mode. Or am I wrong?

root@router:~ % ifconfig rl0 | grep flags
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
root@router:~ %

--
Best regards,
Steve



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1E2qIp-000NEB-00.steve-langdon-mail-ru>
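Added example, not part of the original message: a small Python audit that automates the manual comparison made above, matching permanent `arp -a` entries that carry the blocking prefix against the MACs seen in `arping` replies, and decoding the two flag bits in the first octet of each pinned address. The function names are hypothetical and the sample input is the output quoted in the message; the script reports what it observes and does not diagnose the cause.

```python
import re

# Sample input: the arp -a and arping output quoted in the message above.
ARP_A = "? (192.168.57.90) at d1:fa:28:ec:87:98 on rl0 permanent [ethernet]\n"
ARPING = (
    "60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=0 time=2.724 msec\n"
    "60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=1 time=9.966 msec\n"
)
BLOCK_PREFIX = "d1:fa:28"  # prefix of the script-generated blocking MACs

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
ARP_RE = re.compile(rf"\((?P<ip>[\d.]+)\) at (?P<mac>{MAC}) on \S+(?P<rest>.*)")
ARPING_RE = re.compile(rf"bytes from (?P<mac>{MAC}) \((?P<ip>[\d.]+)\)")

def parse_arp_table(text):
    """Map IP -> (MAC, is_permanent) for each line of `arp -a` output."""
    return {m["ip"]: (m["mac"], "permanent" in m["rest"])
            for m in ARP_RE.finditer(text.lower())}

def parse_arping(text):
    """Map IP -> set of MACs that answered arping for it."""
    seen = {}
    for m in ARPING_RE.finditer(text.lower()):
        seen.setdefault(m["ip"], set()).add(m["mac"])
    return seen

def mac_bits(mac):
    """Decode the two flag bits in the first octet of an Ethernet address."""
    first = int(mac[:2], 16)
    return {"group": bool(first & 0x01), "local": bool(first & 0x02)}

def audit(arp_text, arping_text, prefix=BLOCK_PREFIX):
    """Return (ip, finding, mac) tuples for pinned blocking entries."""
    findings = []
    replies = parse_arping(arping_text)
    for ip, (mac, permanent) in sorted(parse_arp_table(arp_text).items()):
        if not (permanent and mac.startswith(prefix)):
            continue  # only script-pinned blocking entries are audited
        bits = mac_bits(mac)
        if bits["group"]:
            findings.append((ip, "pinned MAC has the group (multicast) bit set", mac))
        if not bits["local"]:
            findings.append((ip, "pinned MAC is not marked locally administered", mac))
        for real in sorted(replies.get(ip, set()) - {mac}):
            findings.append((ip, "host answers ARP with a different MAC", real))
    return findings

if __name__ == "__main__":
    for finding in audit(ARP_A, ARPING):
        print(*finding, sep=" | ")
```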