From: ea@sellinet.net
To: freebsd-net@freebsd.org
Date: Wed, 14 Feb 2007 12:19:01 +0200 (EET)
Subject: Strange behavior with arp permanent entries

Hello, Guys!

I'm trying to restrict some LAN access by arp permanent entries. But it didn't work or it didn't work as I realize it.
For example I have the following perm entries:

    user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
    user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]

And from what I realize, if user1 attempts to use user2's IP address, the router should block all packets which are coming from the wrong physical address. But actually that didn't happen and user1 can use user2's IP address without any problems.

Maybe someone of you will advise me to use ipfw arp rules, but when I turn net.link.ether.ipfw ON I'm getting very low performance from the router. We are talking about 800mbps and 600k packets per second, and many users, which means many ipfw arp rules.

System1 info:
    FreeBSD 6.2-RELEASE
    Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
    1G ram

System2 info:
    FreeBSD 6.1-RELEASE
    Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
    1G ram

Also I have a few other systems and it seems that it works on them:

(Working) System3 info:
    6.0-RELEASE
    Dual Core AMD Opteron(tm) Processor 275 @ 2193.76-MHz
    1G ram

(Working) System4 info:
    6.2-PRERELEASE
    Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
    1G ram

Thank you guys. Any suggestions will be appreciated.

Regards,
E.A.

--------------------------------------------------------------
SELLINET Internet Services Provider - http://www.sellinet.net/
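The IP-to-MAC binding check the message expects can be run passively over captured traffic. The following is an added example, not part of the original message: it parses the permanent entries quoted above and flags observed frames whose source IP is pinned to a different MAC. The third ARP line and the `FRAMES` tuples are constructed sample data, and the function names are hypothetical.

```python
import re

# Permanent entries as quoted in the message; the last line is a constructed
# dynamic (non-permanent) entry, included to show that it is ignored.
ARP_OUTPUT = """\
user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
? (82.199.215.197) at 00:11:22:33:44:55 on vlan804 [vlan]
"""

# Constructed sample of observed frames: (interface, source MAC, source IP).
FRAMES = [
    ("vlan804", "00:0f:ea:a4:60:c5", "82.199.215.195"),  # user1, own address
    ("vlan804", "00:0F:EA:A4:60:C5", "82.199.215.196"),  # user1's MAC, user2's IP
    ("vlan804", "00:13:8f:b1:68:4b", "82.199.215.196"),  # user2, own address
    ("vlan804", "00:11:22:33:44:55", "82.199.215.197"),  # IP not pinned
]

ENTRY_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>[0-9a-fA-F:]{17}) "
    r"on (?P<iface>\S+)(?P<flags>.*)$"
)

def parse_permanent(arp_text):
    """Return {(iface, ip): mac} for entries carrying the 'permanent' flag."""
    table = {}
    for line in arp_text.splitlines():
        m = ENTRY_RE.search(line)
        if m and "permanent" in m.group("flags").split():
            table[(m.group("iface"), m.group("ip"))] = m.group("mac").lower()
    return table

def find_violations(table, frames):
    """Return one record per frame whose source IP is pinned to another MAC."""
    violations = []
    for iface, src_mac, src_ip in frames:
        seen = src_mac.lower()
        pinned = table.get((iface, src_ip))
        if pinned is None or pinned == seen:
            continue  # IP not pinned on this interface, or binding matches
        # Which pinned IPs (if any) legitimately belong to the offending MAC.
        owner = [ip for (i, ip), mac in table.items() if i == iface and mac == seen]
        violations.append({"iface": iface, "ip": src_ip, "expected": pinned,
                           "seen": seen, "seen_mac_pinned_to": owner})
    return violations

if __name__ == "__main__":
    for v in find_violations(parse_permanent(ARP_OUTPUT), FRAMES):
        print(v)
```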