Date: Tue, 25 Jun 2002 05:54:57 -0700
From: Luigi Rizzo <luigi@iet.unipi.it>
To: Suresh Ramasamy <sureshdr@time.net.my>
Cc: ipfw@freebsd.org
Subject: Re: Question on Filtered Bridging and ARP takeovers
Message-ID: <20020625055457.B24694@iguana.icir.org>
In-Reply-To: <5.1.0.14.2.20020625130437.02cf03f0@pop.time.net.my>; from sureshdr@time.net.my on Tue, Jun 25, 2002 at 01:24:51PM +0800
References: <5.1.0.14.2.20020625120053.02bf64e8@pop.time.net.my> <5.1.0.14.2.20020625120053.02bf64e8@pop.time.net.my> <20020624215809.A21492@iguana.icir.org> <5.1.0.14.2.20020625130437.02cf03f0@pop.time.net.my>
sounds like it is the "new firewall" that is broken, not FreeBSD!

cheers
luigi

On Tue, Jun 25, 2002 at 01:24:51PM +0800, Suresh Ramasamy wrote:
> Thanks Luigi,
>
> I've installed a filtered bridging running on FreeBSD 4.5 Stable
> with this config
>
> WAN ---------- FB (10.10.68.181) ---- Client (10.10.68.222)
>      |
>      +---------- the rest of 10.10.68.x
>
> Recently, a new firewall was introduced and this firewall was using an
> active ARP scanning that "overtakes" IP that does not respond to ping.
>
> The client 68.222 is ICMP disabled with only a few TCP ports open.
> What I noticed is that when I ping from WAN segment to the client,
> in the FB, it shows that ARP is taken over by the rogue firewall.
>
> Temporary Workaround
>
> I added a static ARP entry onto FB (arp -S 10.10.68.222 mac_address pub) to
> publish the ARP into the network segment switch.
>
> Or is there a documented workaround?
>
>
> Q: Should the bridge function on FreeBSD address the ARP poisoning issue?
> If so, I would like to recommend an addition of this into the bridge function
> to identify network at the other end and establish an arp broadcasting
> function for the segment behind the filtered bridging.
>
> At 12:58 PM 6/25/2002, you wrote:
> >On Tue, Jun 25, 2002 at 12:01:46PM +0800, Suresh Ramasamy wrote:
> > > I have a question on FreeBSD filtered bridging and ARP
> > > takeovers. Could I direct the question to you, or specifically to
> > > a mailing list?
> >
> >just ask both me and ipfw@freebsd.org
> >
> >luigi
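
A defensive check for the ARP takeover described in the quoted message, as an added example that is not part of the original thread: it compares expected IP-to-MAC bindings against text in the line shape printed by `arp -an` and flags any pinned address that has been claimed by a different MAC. The function names, the interface name fxp0 and all MAC addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: compare expected IP=MAC bindings against `arp -an`-style text.
# All MAC addresses and the interface name below are constructed sample values.

# check_arp_pins IP=MAC [IP=MAC ...] < arp_table_text
# Prints OK / TAKEOVER / MISSING per pinned IP; returns 1 on any TAKEOVER.
check_arp_pins() {
    awk -v pins="$*" '
        # Normalise a MAC: lower-case, zero-pad each octet (some BSD-derived
        # arp tools print "0:d0:..." rather than "00:d0:...").
        function norm(m,    o, n, i, r) {
            n = split(tolower(m), o, ":"); r = ""
            for (i = 1; i <= n; i++) r = r (i > 1 ? ":" : "") sprintf("%2s", o[i])
            gsub(/ /, "0", r); return r
        }
        BEGIN {
            bad = 0
            n = split(pins, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], kv, "="); pin[kv[1]] = norm(kv[2]) }
        }
        # Assumed line shape: ? (10.10.68.222) at 00:d0:b7:aa:bb:cc on fxp0 ...
        $3 == "at" {
            ip = $2; gsub(/[()]/, "", ip)
            if (ip in pin) seen[ip] = norm($4)
        }
        END {
            for (ip in pin) {
                if (!(ip in seen) || seen[ip] == "(incomplete)")
                    printf "MISSING %s expected %s\n", ip, pin[ip]
                else if (seen[ip] != pin[ip]) {
                    printf "TAKEOVER %s expected %s got %s\n", ip, pin[ip], seen[ip]
                    bad = 1
                } else
                    printf "OK %s %s\n", ip, pin[ip]
            }
            exit bad
        }
    '
}

# Constructed snapshot: 10.10.68.222 has been claimed by a different MAC.
sample_arp_table() {
    cat <<'EOF'
? (10.10.68.1) at 0:d0:b7:11:22:33 on fxp0 [ethernet]
? (10.10.68.222) at 00:02:b3:de:ad:01 on fxp0 [ethernet]
? (10.10.68.50) at (incomplete) on fxp0 [ethernet]
EOF
}

sample_arp_table | check_arp_pins 10.10.68.222=00:d0:b7:aa:bb:cc || echo "unexpected ARP binding found"
```

On a live host the function would read `arp -an` output on stdin instead of the constructed snapshot, for example from a periodic job on the bridge.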