Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 19 Apr 2000 13:20:49 -0400 (EDT)
From:      miy <miyako@sakr.net>
To:        cjclark@home.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: network replies causing system messages flooding
Message-ID:  <Pine.BSF.4.10.10004191311530.3716-100000@sakr.net>
In-Reply-To: <20000417225020.A52719@cc942873-a.ewndsr1.nj.home.com>

next in thread | previous in thread | raw e-mail | index | archive | help


On Mon, 17 Apr 2000, Crist J. Clark wrote:

> On Mon, Apr 17, 2000 at 06:56:47PM -0400, miy wrote:
> > On Sun, 16 Apr 2000, Crist J. Clark wrote:
> > > On Sun, Apr 16, 2000 at 01:22:06AM -0400, miy wrote:
> > > > 
> > > > I originally had a windows box [10.0.0.2] connected to my cable connection
> > > > through a FreeBSD gateway running natd. I recently added a second windows
> > > > box to the network, and I it connects properly to the gateway, but I am 
> > > > getting flooded by the following system message:
> > > > 
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 
> > > > 
> > > > My natd configuration is as follows:
> > > > /sbin/natd -s -n rl0 -redirect_port tcp 10.0.0.2:2121 2121
> > > > /sbin/ipfw add 1000 divert 6668 ip from any to any via rl0
> > > > /sbin/ipfw add 1002 divert 6668 ip from 10.0.0.2/24 to any via rl0
> > > > 
> > > > 
> > > > #10.0.0.4 is the most recent windows box that was added to the network.
> > > 
> > > Well, if it weren't for the fact that you say that the 10.0.0.4 host
> > > is on your net behind the NAT gateway, I would think that you
> > > connected the 10.0.0.4 machine on the rl0 interface. Just to be safe,
> > > how do you have the network physically configured? You don't have both
> > > NICs on the gateway plugged into one hub or something like that,
> > > right?
> > > 
> > > It could be that someone else on your cable LAN is leaking RFC 1918
> > > addresses, and they make it over the modem to your machine. The modems
> > > should not do that, but the idea of a poorly configured ISP, even a
> > > coax cable one, never shocks me.
> > 
> > 
> > My network is configured with the cable modem connected to my FreeBSD
> > gateway machine (into rl0). The FreeBSD machine's second card (ed1) is 
> > connected to my hub's uplink. The two windows boxes (10.0.0.2 & 10.0.0.4)
> > are connected directly to the hub. 
> 
> Just a tiny point, if all of the devices connected to this hub are
> NICs, you should not need to use an "uplink" port.
> 
> > I don't completely understand what leaking RFC 1918 addresses are. 
> > Are these essentially leaked packets from my ISP's local subnet (other
> > machines in my district) that are being collected by my gateway from the
> > cable modem? Are these causing the problem or is it an issue of my
> > physical configuration?
> 
> That packets from other machines could be reaching your NAT gateway
> from the external net is a _possibility._ However, it is very
> suspicious that the address happens to be one you are trying to use.
> 
> > My system message buffer now has 10 pages or so worth of:
> > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> 
> Have you identified the piece of hardware associated with
> 00:80:c8:e8:ea:d7? Use this command,
> 
>   % arp -a
> 
> FYI, it's a piece of D-Link hardware.
> 
> Also, what is the configuration of each interface (output of 'ifconfig
> interface' for both)?

I moved my gateway's NIC from the Uplink to a standard link on the hub,
and my lan connectivity is still working well, but I am still getting the
msgs.

this is the output of ifconfig:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::2e0:29ff:fe54:a201%rl0 prefixlen 64 scopeid 0x1
        inet 24.114.39.136 netmask 0xfffffc00 broadcast 24.114.39.255
        ether 00:e0:29:54:a2:01
        media: autoselect (none) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX
10baseT/UT
P <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::240:5ff:fe71:498c%ed1 prefixlen 64 scopeid 0x3
        ether 00:40:05:71:49:8c
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xffffff00
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
        inet6 fe80::2e0:29ff:fe54:a201%gif0 prefixlen 64 scopeid 0x7

and the output of arp -a is:

sakr.net (10.0.0.1) at 0:40:5:71:49:8c permanent [ethernet]
? (10.0.0.2) at 0:80:c6:f9:a5:55 [ethernet]
? (10.0.0.4) at 0:e0:29:54:9f:a6 [ethernet]
bb1-fe1-1.ym1.on.home.net (24.114.36.1) at 0:60:5c:76:5b:21 [ethernet]

The associated hardware seems to be my network card on the windows box
(10.0.0.2), although these messages were not occuring when I was connected
to the HUB alone on the network. Every since I added the other machine the
sys logs have been displaying the same errors.





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10004191311530.3716-100000>