Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 Oct 2001 11:55:08 -0700
From:      "Scott Lampert" <scott@lampert.org>
To:        <security@FreeBSD.ORG>
Subject:   Re: Bridging Firewall - 3 interfaces - arp issue
Message-ID:  <007c01c1573d$3db777a0$07faa8c0@zeppelin>
References:  <000f01c156d9$152988a0$07faa8c0@zeppelin>
next in thread | previous in thread | raw e-mail | index | archive | help 
I forgot to mention that this box is running 4.4-RELEASE.

----- Original Message -----
From: "Scott Lampert" <scott@lampert.org>
To: <security@FreeBSD.ORG>
Sent: Tuesday, October 16, 2001 11:58 PM
Subject: Bridging Firewall - 3 interfaces - arp issue


>     I have a box I've setup as a bridging firewall with ipfw.  It has 3
> interfaces - two are bridged, without IP addresses, and the third has an
IP
> address and is connected to the inside network.  Basically it looks like
> this:
>
>    ************
>    * Internet *
>    **+********
>        | 192.168.1.1/24
>        |
>        |
>        | bridge outside
>        |
> +--+-------+   192.168.1.2/24
> |  Firewall Box +-----+
> +--+-------+           |
>        |  bridge inside      |
>        |                            |
>        |                       +-+-------+
>        +-----------|    Switch      |
>                                +--------- +
>
>
>
> I hope the poor ascii art helps rather than hinders. :)  In any event,
I've
> noticed after running the firewall for a few hours that I start getting
the
> following message in my dmesg output:
>
> arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
> xx ouch, bdg_forward for local pkt
>
>
> The box is complaining about the third interface saying it has the IP its
> supposed to have.  For some reason the box doesn't realize that its own
> interface is answering arps correctly.  Is this normal behavior or have I
> misconfigured something?  Do I need to add the third interface to the
bridge
> configuration?
>
>             -Scott
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007c01c1573d$3db777a0$07faa8c0>