From owner-freebsd-questions@FreeBSD.ORG Thu Jun 5 17:54:38 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D766837B401 for ; Thu, 5 Jun 2003 17:54:38 -0700 (PDT) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1566F43FDD for ; Thu, 5 Jun 2003 17:54:37 -0700 (PDT) (envelope-from on@cs.ait.ac.th) Received: from banyan.cs.ait.ac.th (on@banyan.cs.ait.ac.th [192.41.170.5]) by mail.cs.ait.ac.th (8.12.3/8.9.3) with ESMTP id h560r84w075033; Fri, 6 Jun 2003 07:54:23 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.8.5/8.8.5) id HAA25858; Fri, 6 Jun 2003 07:54:48 +0700 (ICT) Date: Fri, 6 Jun 2003 07:54:48 +0700 (ICT) Message-Id: <200306060054.HAA25858@banyan.cs.ait.ac.th> X-Authentication-Warning: banyan.cs.ait.ac.th: on set sender to on@banyan.cs.ait.ac.th using -f From: Olivier Nicole To: mthomas@breakawayltd.com In-reply-to: References: X-Virus-Scanned: by amavisd-milter (http://amavis.org/) cc: freebsd-questions@freebsd.org Subject: Re: Firewall/DMZ routing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 00:54:39 -0000 > 08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145 It looks to me as if your ISP does not know you've subnetd your subnet. If it knew, it should never try to do an arp for the subnet A.B.C.152/29 but route the ICMP to A.B.C.146 and that's it. So the router of your ISP genuinely beleive that A.B.C.154 belongs to its Ethernet reachable network (which is not as you have the FW in between). Olivier