Date: Wed, 19 Apr 2000 13:20:49 -0400 (EDT) From: miy <miyako@sakr.net> To: cjclark@home.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: network replies causing system messages flooding Message-ID: <Pine.BSF.4.10.10004191311530.3716-100000@sakr.net> In-Reply-To: <20000417225020.A52719@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Apr 2000, Crist J. Clark wrote: > On Mon, Apr 17, 2000 at 06:56:47PM -0400, miy wrote: > > On Sun, 16 Apr 2000, Crist J. Clark wrote: > > > On Sun, Apr 16, 2000 at 01:22:06AM -0400, miy wrote: > > > > > > > > I originally had a windows box [10.0.0.2] connected to my cable connection > > > > through a FreeBSD gateway running natd. I recently added a second windows > > > > box to the network, and I it connects properly to the gateway, but I am > > > > getting flooded by the following system message: > > > > > > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > > > > > > My natd configuration is as follows: > > > > /sbin/natd -s -n rl0 -redirect_port tcp 10.0.0.2:2121 2121 > > > > /sbin/ipfw add 1000 divert 6668 ip from any to any via rl0 > > > > /sbin/ipfw add 1002 divert 6668 ip from 10.0.0.2/24 to any via rl0 > > > > > > > > > > > > #10.0.0.4 is the most recent windows box that was added to the network. > > > > > > Well, if it weren't for the fact that you say that the 10.0.0.4 host > > > is on your net behind the NAT gateway, I would think that you > > > connected the 10.0.0.4 machine on the rl0 interface. Just to be safe, > > > how do you have the network physically configured? You don't have both > > > NICs on the gateway plugged into one hub or something like that, > > > right? > > > > > > It could be that someone else on your cable LAN is leaking RFC 1918 > > > addresses, and they make it over the modem to your machine. The modems > > > should not do that, but the idea of a poorly configured ISP, even a > > > coax cable one, never shocks me. > > > > > > My network is configured with the cable modem connected to my FreeBSD > > gateway machine (into rl0). The FreeBSD machine's second card (ed1) is > > connected to my hub's uplink. The two windows boxes (10.0.0.2 & 10.0.0.4) > > are connected directly to the hub. > > Just a tiny point, if all of the devices connected to this hub are > NICs, you should not need to use an "uplink" port. > > > I don't completely understand what leaking RFC 1918 addresses are. > > Are these essentially leaked packets from my ISP's local subnet (other > > machines in my district) that are being collected by my gateway from the > > cable modem? Are these causing the problem or is it an issue of my > > physical configuration? > > That packets from other machines could be reaching your NAT gateway > from the external net is a _possibility._ However, it is very > suspicious that the address happens to be one you are trying to use. > > > My system message buffer now has 10 pages or so worth of: > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > Have you identified the piece of hardware associated with > 00:80:c8:e8:ea:d7? Use this command, > > % arp -a > > FYI, it's a piece of D-Link hardware. > > Also, what is the configuration of each interface (output of 'ifconfig > interface' for both)? I moved my gateway's NIC from the Uplink to a standard link on the hub, and my lan connectivity is still working well, but I am still getting the msgs. this is the output of ifconfig: rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::2e0:29ff:fe54:a201%rl0 prefixlen 64 scopeid 0x1 inet 24.114.39.136 netmask 0xfffffc00 broadcast 24.114.39.255 ether 00:e0:29:54:a2:01 media: autoselect (none) status: active supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UT P <full-duplex> 10baseT/UTP 100baseTX <hw-loopback> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::240:5ff:fe71:498c%ed1 prefixlen 64 scopeid 0x3 ether 00:40:05:71:49:8c sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552 ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xffffff00 gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 inet6 fe80::2e0:29ff:fe54:a201%gif0 prefixlen 64 scopeid 0x7 and the output of arp -a is: sakr.net (10.0.0.1) at 0:40:5:71:49:8c permanent [ethernet] ? (10.0.0.2) at 0:80:c6:f9:a5:55 [ethernet] ? (10.0.0.4) at 0:e0:29:54:9f:a6 [ethernet] bb1-fe1-1.ym1.on.home.net (24.114.36.1) at 0:60:5c:76:5b:21 [ethernet] The associated hardware seems to be my network card on the windows box (10.0.0.2), although these messages were not occuring when I was connected to the HUB alone on the network. Every since I added the other machine the sys logs have been displaying the same errors. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10004191311530.3716-100000>