Date: Wed, 27 Nov 2002 15:06:50 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: "Mark" <mw@lanfear.com>, <freebsd-questions@FreeBSD.ORG> Cc: <mw@lanfear.com> Subject: Re: ARP flood = Firewall locks up??? Message-ID: <029101c29658$e8a151d0$fa00a8c0@DaleCoportable> References: <1038427514.2997.22.camel@donburi>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Mark" <mw@lanfear.com> To: <freebsd-questions@FreeBSD.ORG> Subject: ARP flood = Firewall locks up??? > Hi! > > Not being a terribly monstrous expert with FreeBSD firewalls, I was > quite relieved when I managed to get my FreeBSD 4.3 machine up and > running with a "simple" firewall and NAT for my subnet to my local cable > modem provider. > > The firewall configuration was, indeed, the pure 'simple', with a > couple of extra rules to allow DNS (udp to and from 53). > > Now, the problem is, about three weeks ago, I started seeing a FLOOD > of ARP messages on xl0, my interface to the internet over the cable > modem. They are mostly of the nature: > <snip> > Questions: > > 1. Any ideas what this ARP flood is? Is it some tool the ISP is > using or something? > Looks like common DNS traffic, up to a point. It is quite a bit, I suppose, since your log excerpt is just a few seconds worth. Is this a firewall log we're looking at, or a tcpdump? If you use 'tcpdump' on the WAN if, you're getting your neighbors packets also, right? You mention not being able to get more info....check most of the files in /var/log...anything showing up on the console, or it that directed to a text log.....? What services are you running on your own subnet...I don't find a DNS server there.... I wonder about the 10.x.x.x addy....something wrong in someone's config, perhaps<?>... > 2. Any idea what's up with the firewall? Why would it be locking > up? I must confess to being a bit of a firewall newbie, so i'm not 100% > sure how to go about getting it to give me more information, logging, > etc ... I might just upgrade to 4.7 and see what happens, but I'd > rather understand this first .... > I'm newb also, but are we sure it's just the firewall? If you're rebooting to fix the problem, you're resetting more than just the FW..... > Any suggestions would be appreciated... > > Thanks, > mark. That's about all I've done, suggested... G'luck, Kevin Kinsey To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?029101c29658$e8a151d0$fa00a8c0>