Date:       Thu, 4 Jan 2001 08:31:23 +0100
From:      "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
To:        <cjclark@alum.mit.edu>
Cc:        <freebsd-questions@freebsd.org>
Subject:   Re: Arp messages, probably nothing to worry about...
Message-ID:  <000d01c07620$56d36720$04470096@C01076>
References:  <003301c0755c$1d3f42a0$04470096@C01076> <20010103013334.C95729@rfx-64-6-211-149.users.reflexco> <005001c0756c$9377e5c0$04470096@C01076> <20010103134745.A12102@rfx-64-6-211-149.users.reflexco>




----- Original Message -----
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
Cc: <freebsd-questions@freebsd.org>
Sent: Wednesday, January 03, 2001 10:47 PM
Subject: Re: Arp messages, probably nothing to worry about...


> On Wed, Jan 03, 2001 at 11:04:35AM +0100, Weert de G.H. Gert wrote:
> >
> > ----- Original Message -----
> > From: "Crist J. Clark" <cjclark@reflexnet.net>
> > To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
> > Cc: <freebsd-questions@FreeBSD.ORG>
> > Sent: Wednesday, January 03, 2001 10:33 AM
> > Subject: Re: Arp messages, probably nothing to worry about...
> >
> >
> > > On Wed, Jan 03, 2001 at 09:06:45AM +0100, Weert de G.H. Gert wrote:
>
> [snip]
>
> > > > Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:10:5a:dc:21:cb on ep1
> > >
> > > Since the MAC address is different from the one off of ep0 and also
> > > different from the next one, my best guess is some other luzer on
> > > your LAN has plugged his "private" network into a hub along with the
> > > connection to his cable modem. His "private" network is part of the
> > > public LAN.
> >
> > Ok. But I have a couple of firewall rules to block this. At least I
> > thought it is.
> >
> > # Stop RFC1918 nets on the outside interface
> >   /sbin/ipfw add 200 deny all from 192.168.0.0/16 to any in via ep1
> >   /sbin/ipfw add 210 deny all from 172.16.0.0/12 to any in via ep1
> >   /sbin/ipfw add 220 deny all from 10.0.0.0/8 to any in via ep1
> > #
>
> These will have no impact on your ARP messages. ipfw works, as the
> name suggests, at the IP layer. ARP is a link layer protocol. It is
> processed in the kernel before it gets to the firewall. This is not a
> bug.

Ok, arp messages are processed before they hit the firewall.
These rules do not have any impact on arp messages.

> [snip]
>
> > > > ; ------------------------------
> > > > [root@obelix] /var/log # arp -a
> > > > obelix.wnw.org (192.168.1.1) at 0:50:4:1a:ab:a0 permanent
> > [ethernet]
> > > > asterix.wnw.org (192.168.1.2) at (incomplete) [ethernet]
> > > > idefix.wnw.org (192.168.1.3) at 0:60:8c:df:c5:2 [ethernet]
> > > > ? (192.168.1.255) at ff:ff:ff:ff:ff:ff permanent [ethernet]
> > > > ? (213.51.104.1) at 0:50:f:a9:a0:1c [ethernet]
> > >
> > > And this MAC is different from the two above. Looks like your cable
> > > modem is acting like a real bridge. What kind is it?
> >
> > It's a (standard) com21 cable modem.
>
> Which one from:
>
>   http://www.com21.com/products/cable_modems/index.htm

I think I'm using a 'comport2000'.

> If you don't mind my curiosity.
> --
> Crist J. Clark                           cjclark@alum.mit.edu

Cheers,
Gert de Weert
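
Added example, not part of the original messages: since ipfw never sees ARP, the kernel log is where these replies show up, and this sketch correlates the "is on ep0 but got reply from" lines with the `arp -a` table to tell a foreign MAC from the known host. The first log line and the `arp -a` rows come from the thread; the other log lines, the MAC `02:00:00:00:00:01`, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# First line is the kernel message quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:10:5a:dc:21:cb on ep1
Dec 28 13:35:40 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:10:5a:dc:21:cb on ep1
Dec 28 14:02:07 obelix /kernel: arp: 192.168.1.2 is on ep0 but got reply from 02:00:00:00:00:01 on ep1
Dec 28 14:05:00 obelix /kernel: unrelated message
"""

# Rows from the arp -a output quoted in the thread.
SAMPLE_ARP_TABLE = """\
obelix.wnw.org (192.168.1.1) at 0:50:4:1a:ab:a0 permanent [ethernet]
asterix.wnw.org (192.168.1.2) at (incomplete) [ethernet]
idefix.wnw.org (192.168.1.3) at 0:60:8c:df:c5:2 [ethernet]
"""

LOG_RE = re.compile(
    r"arp: (\S+) is on (\S+) but got reply from ([0-9a-fA-F:]+) on (\S+)")
TABLE_RE = re.compile(
    r"\((\d+(?:\.\d+){3})\) at ([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})")

def normalize_mac(mac):
    """arp -a drops leading zeros (0:60:8c:df:c5:2); pad so MACs compare equal."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp_table(text):
    """Map IP -> MAC for resolved entries; '(incomplete)' rows are skipped."""
    return {ip: normalize_mac(mac) for ip, mac in TABLE_RE.findall(text)}

def find_foreign_replies(log_text, arp_table):
    """Count wrong-interface ARP replies per (ip, mac, interface, status)."""
    counts = Counter()
    for ip, _home_if, mac, seen_if in LOG_RE.findall(log_text):
        mac = normalize_mac(mac)
        known = arp_table.get(ip)
        if known is None:
            status = "unknown-ip"    # no resolved entry to compare against
        elif known == mac:
            status = "same-host"     # known host reachable via both interfaces
        else:
            status = "foreign-mac"   # another machine is answering for this IP
        counts[(ip, mac, seen_if, status)] += 1
    return counts

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for key, n in find_foreign_replies(SAMPLE_LOG, table).items():
        print(n, *key)
```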


