Date: Wed, 14 Feb 2007 12:19:01 +0200 (EET) From: ea@sellinet.net To: freebsd-net@freebsd.org Subject: Strange behavior with arp permanent entries Message-ID: <51675.82.199.192.218.1171448341.squirrel@82.199.192.218>
next in thread | raw e-mail | index | archive | help
Hello, Guys! I'm trying to restrict some LAN access by arp permanent entries. But it didn't work or it didn't work as I realize it. For example I have the following perm entries: user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan] user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan] And from what I realize if the user1 attempts to use user2's IP address. The Router should block all packets which coming from wrong physical address. But actually that didn't happen and user1 can use user2's IP address without any problems. Maybe someone of you will advice me to use ipfw arp rules but when I turn net.link.ether.ipfw ON I'm getting very low performance from the router. We talking about 800mbps and 600k packets per second, and many users which means many ipfw arp rules. System1 info: FreeBSD 6.2-RELEASE Intel(R) Xeon(R) CPU 5130 @ 2.00GHz 1G ram System2 info: FreeBSD 6.1-RELEASE ntel(R) Xeon(R) CPU 5130 @ 2.00GHz 1G ram Also I have a few other systems and it seems that it works on them (Working)System3 info: 6.0-RELEASE Dual Core AMD Opteron(tm) Processor 275 @ 2193.76-MHz 1G ram (Working)System4 info: 6.2-PRERELEASE Intel(R) Xeon(R) CPU 5130 @ 2.00GHz 1G ram Thank you guys. Any suggestions will be appreciated. Regards, E.A. -------------------------------------------------------------- SELLINET Internet Services Provider - http://www.sellinet.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51675.82.199.192.218.1171448341.squirrel>