Date: Wed, 19 Apr 2000 13:20:49 -0400 (EDT) From: miy <miyako@sakr.net> To: cjclark@home.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: network replies causing system messages flooding Message-ID: <Pine.BSF.4.10.10004191311530.3716-100000@sakr.net> In-Reply-To: <20000417225020.A52719@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Apr 2000, Crist J. Clark wrote:
> On Mon, Apr 17, 2000 at 06:56:47PM -0400, miy wrote:
> > On Sun, 16 Apr 2000, Crist J. Clark wrote:
> > > On Sun, Apr 16, 2000 at 01:22:06AM -0400, miy wrote:
> > > >
> > > > I originally had a windows box [10.0.0.2] connected to my cable connection
> > > > through a FreeBSD gateway running natd. I recently added a second windows
> > > > box to the network, and I it connects properly to the gateway, but I am
> > > > getting flooded by the following system message:
> > > >
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
> > > >
> > > > My natd configuration is as follows:
> > > > /sbin/natd -s -n rl0 -redirect_port tcp 10.0.0.2:2121 2121
> > > > /sbin/ipfw add 1000 divert 6668 ip from any to any via rl0
> > > > /sbin/ipfw add 1002 divert 6668 ip from 10.0.0.2/24 to any via rl0
> > > >
> > > >
> > > > #10.0.0.4 is the most recent windows box that was added to the network.
> > >
> > > Well, if it weren't for the fact that you say that the 10.0.0.4 host
> > > is on your net behind the NAT gateway, I would think that you
> > > connected the 10.0.0.4 machine on the rl0 interface. Just to be safe,
> > > how do you have the network physically configured? You don't have both
> > > NICs on the gateway plugged into one hub or something like that,
> > > right?
> > >
> > > It could be that someone else on your cable LAN is leaking RFC 1918
> > > addresses, and they make it over the modem to your machine. The modems
> > > should not do that, but the idea of a poorly configured ISP, even a
> > > coax cable one, never shocks me.
> >
> >
> > My network is configured with the cable modem connected to my FreeBSD
> > gateway machine (into rl0). The FreeBSD machine's second card (ed1) is
> > connected to my hub's uplink. The two windows boxes (10.0.0.2 & 10.0.0.4)
> > are connected directly to the hub.
>
> Just a tiny point, if all of the devices connected to this hub are
> NICs, you should not need to use an "uplink" port.
>
> > I don't completely understand what leaking RFC 1918 addresses are.
> > Are these essentially leaked packets from my ISP's local subnet (other
> > machines in my district) that are being collected by my gateway from the
> > cable modem? Are these causing the problem or is it an issue of my
> > physical configuration?
>
> That packets from other machines could be reaching your NAT gateway
> from the external net is a _possibility._ However, it is very
> suspicious that the address happens to be one you are trying to use.
>
> > My system message buffer now has 10 pages or so worth of:
> > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0
>
> Have you identified the piece of hardware associated with
> 00:80:c8:e8:ea:d7? Use this command,
>
> % arp -a
>
> FYI, it's a piece of D-Link hardware.
>
> Also, what is the configuration of each interface (output of 'ifconfig
> interface' for both)?
I moved my gateway's NIC from the Uplink to a standard link on the hub,
and my lan connectivity is still working well, but I am still getting the
msgs.
this is the output of ifconfig:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::2e0:29ff:fe54:a201%rl0 prefixlen 64 scopeid 0x1
inet 24.114.39.136 netmask 0xfffffc00 broadcast 24.114.39.255
ether 00:e0:29:54:a2:01
media: autoselect (none) status: active
supported media: autoselect 100baseTX <full-duplex> 100baseTX
10baseT/UT
P <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::240:5ff:fe71:498c%ed1 prefixlen 64 scopeid 0x3
ether 00:40:05:71:49:8c
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xffffff00
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
inet6 fe80::2e0:29ff:fe54:a201%gif0 prefixlen 64 scopeid 0x7
and the output of arp -a is:
sakr.net (10.0.0.1) at 0:40:5:71:49:8c permanent [ethernet]
? (10.0.0.2) at 0:80:c6:f9:a5:55 [ethernet]
? (10.0.0.4) at 0:e0:29:54:9f:a6 [ethernet]
bb1-fe1-1.ym1.on.home.net (24.114.36.1) at 0:60:5c:76:5b:21 [ethernet]
The associated hardware seems to be my network card on the windows box
(10.0.0.2), although these messages were not occuring when I was connected
to the HUB alone on the network. Every since I added the other machine the
sys logs have been displaying the same errors.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10004191311530.3716-100000>