Date: Thu, 28 Feb 2008 15:52:49 +0100
From: "Maechler Philippe" <pmaechler@glattnet.ch>
To: "'Erik Norgaard'" <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: RE: ARP Messages
Message-ID: <005801c87a19$966b13b0$3202a8c0@glattwerk.local>
In-Reply-To: <47C526C6.5080809@locolomo.org>

Hi Erik

> -----Original Message-----
> From: Erik Norgaard [mailto:norgaard@locolomo.org]
> Sent: Wednesday, February 27, 2008 10:01 AM
> To: Maechler Philippe
> Cc: freebsd-questions@freebsd.org
> Subject: Re: ARP Messages
>
>
> Maechler Philippe wrote:
> >>> -------------
> >>> | server | switch switch
> >>> |192.168.3.222|----[(3.x/24)]--[(3.x/24)]
> >>> |80.242.192.80|bge1 |
> >>> ------------- |
> >>> |bge0 -------------------
> >>> | |
> >>> [switch]----[Gateway 80.242.192.65]---[INTERNET] |
> >>> | |
> >>> | |
> >>> [switch] |
> >>> | |
> >>> |bge0 |
> >>> --------------------------------- |
> >>> | 80.242.192.81 00:19:bb:25:7b:63| |
> >>> | 192.168.3.226 00:19:bb:25:7b:64|--------------------
> >>> ---------------------------------
> >> Do you see the same loop as I do?
> >>
> >> Request goes out on one interface, response comes back on the other -
> >> pretty much what the message says.
> >>
> >
> > Yes I see the loop, the error messages make sense but don't understand
> > it :/ I set up extra routes for the private network so how can a
> > packet from the public interface arrive at a private one?
> >
> > I'll recheck the cabling, the routes on the servers and the switch
> > they're connected to and give you feedback here
>
> Well, it appears to me that you are on the wrong box to solve the
> problem. The server sends an error message as it should.
>
> What happens is that your unnamed box receives an arp request on its
> bge0 interface, but sends the response on its bge1 interface. You can use
> snort to listen for arp packets to see what's going on.
>
> I do not know why you have created a loop, with correct routing and
> firewall there should be no need for a loop. The easy solution is to
> pull a cable - either one on that unnamed box.
>

Ok I rechecked everything and found the loop.
There was a "misconfiguration/miscabling" on one switch/vlan which caused
leaking arp-broadcast packages to other ports :(

Thanks to all for your hints and help

Philippe