From: Steve Langdon <steve.langdon@mail.ru>
To: freebsd-questions@freebsd.org
Cc: freebsd-net@freebsd.org
Date: Wed, 10 Aug 2005 17:07:27 +0400
Subject: Stranges with ARP
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net@freebsd.org)

Hello all.

Help me to solve some strange behaviour. I want to have a permanent binding of IP->MAC for the users in our network, to have some security. So, once a user's MAC doesn't appear in my ARP table, I block his IP with ``arp -S ...'' using a MAC generated by my script with the prefix d1:fa:28.

One day I had a phone call with a user; he complained about slow Internet speed. When I checked his IP I got a fright :)

    tcpdump: listening on rl0
    18:48:11.339543 213.238.62.65.80 > 192.168.57.90.1072: . 2091947455:2091948915(1460) ack 140637902 win 7441 (DF) [tos 0x60]
    ^C
    561 packets received by filter
    0 packets dropped by kernel

Traffic comes to that user!

    root@router:~ % arp -a | grep -w 192.168.57.90
    ? (192.168.57.90) at d1:fa:28:ec:87:98 on rl0 permanent [ethernet]
    root@router:~ %

While the user is blocked by _our_ generated MAC! Btw, could anyone advise me how to block a user's IP without touching ipfw (I am thinking of using route + ``-blackhole'' for any user whose MAC is not in my ARP table)? Any ideas?

    root@router:~ % arping 192.168.57.90
    ARPING 192.168.57.90
    60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=0 time=2.724 msec
    60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=1 time=9.966 msec
    ^C
    --- 192.168.57.90 statistics ---
    2 packets transmitted, 2 packets received, 0% unanswered
    root@router:~ %

His real MAC is 00:00:f0:87:4b:ca. I can't believe this could be. What's wrong? As I see it, all traffic must be transmitted to d1:fa:28:ec:87:98, NOT to 00:00:f0:87:4b:ca, and the user's NIC must ignore those packets unless his interface is in PROMISC mode. Or am I wrong?

    root@router:~ % ifconfig rl0 | grep flags
    rl0: flags=8843 mtu 1500
    root@router:~ %

--
Best regards,
Steve
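A way to check the setup described in the message above, as an added example that is not part of the original post or of the poster's script: parse the router's `arp -a` table and an `arping` reply (in the formats shown in the message), compare them against an IP->MAC allowlist, and report which IPs are allowed, which carry a generated block entry, and where the host on the wire answers ARP with a different MAC than the static entry. The poster's generator script is not shown, so deriving the low three octets of the block MAC from a hash of the IP is an assumption, as are the allowlist and the extra sample table lines. The check also flags a property of the chosen prefix that a practitioner would want to know: the first octet 0xd1 has its low bit set, so d1:fa:28:xx:xx:xx is a group (multicast) destination, which a switch floods to every port instead of forwarding to one station. A permanent ARP entry on the router only decides the destination MAC the router writes into the frames it sends; it is not a filter.

```python
"""Audit FreeBSD static ARP "block" entries against an IP->MAC allowlist and
against what actually answers ARP on the wire.

Added example, not code from the original post.  Assumptions: the block-MAC
generation rule (sha256 of the IP -> low three octets), the allowlist, and
the constructed sample outputs below.
"""
from __future__ import annotations

import hashlib
import re

BLOCK_PREFIX = "d1:fa:28"  # prefix the poster's script uses for blocked IPs

# FreeBSD `arp -a` line, as shown in the post:
#   ? (192.168.57.90) at d1:fa:28:ec:87:98 on rl0 permanent [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-fA-F:]{17}|\(incomplete\))"
    r" on (?P<ifname>\S+)(?P<flags>.*)"
)

# arping reply line, as shown in the post:
#   60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=0 time=2.724 msec
ARPING_LINE = re.compile(
    r"bytes from (?P<mac>[0-9a-fA-F:]{17}) \((?P<ip>\d+\.\d+\.\d+\.\d+)\)"
)

# Constructed sample data (not captured from the poster's router).
SAMPLE_ARP = """\
? (192.168.57.10) at 00:11:22:33:44:55 on rl0 expires in 1180 seconds [ethernet]
? (192.168.57.20) at aa:bb:cc:dd:ee:ff on rl0 expires in 900 seconds [ethernet]
? (192.168.57.90) at d1:fa:28:ec:87:98 on rl0 permanent [ethernet]
"""
SAMPLE_ARPING = """\
ARPING 192.168.57.90
60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=0 time=2.724 msec
60 bytes from 00:00:f0:87:4b:ca (192.168.57.90): index=1 time=9.966 msec
"""
SAMPLE_ALLOWLIST = {"192.168.57.10": "00:11:22:33:44:55"}


def block_mac(ip: str) -> str:
    """Deterministic placeholder MAC for a blocked IP (assumed scheme)."""
    tail = hashlib.sha256(ip.encode()).digest()[:3]
    return BLOCK_PREFIX + ":" + ":".join(f"{b:02x}" for b in tail)


def block_command(ip: str) -> list[str]:
    """The `arp -S` invocation that would install the block entry (not executed)."""
    return ["arp", "-S", ip, block_mac(ip)]


def is_group_address(mac: str) -> bool:
    """True if the I/G bit (low bit of the first octet) is set: a multicast MAC."""
    return int(mac.split(":")[0], 16) & 1 == 1


def parse_arp_table(text: str) -> dict[str, tuple[str, bool]]:
    """Map IP -> (mac, is_permanent) from `arp -a` output."""
    table: dict[str, tuple[str, bool]] = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m["ip"]] = (m["mac"].lower(), "permanent" in m["flags"])
    return table


def parse_arping(text: str) -> dict[str, set[str]]:
    """Map IP -> set of MACs that answered an ARP request for it."""
    seen: dict[str, set[str]] = {}
    for line in text.splitlines():
        m = ARPING_LINE.search(line)
        if m:
            seen.setdefault(m["ip"], set()).add(m["mac"].lower())
    return seen


def audit(arp_text: str, arping_text: str, allowlist: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Classify every ARP-table IP as allowed / blocked / unknown with a detail string."""
    table = parse_arp_table(arp_text)
    live = parse_arping(arping_text)
    findings: dict[str, tuple[str, str]] = {}
    for ip, (mac, permanent) in table.items():
        answering = sorted(live.get(ip, ()))
        if allowlist.get(ip, "").lower() == mac:
            detail = f"{mac} matches allowlist" + ("" if permanent else "; entry is not permanent")
            findings[ip] = ("allowed", detail)
        elif mac.startswith(BLOCK_PREFIX):
            detail = f"static block entry {mac}"
            if is_group_address(mac):
                detail += " (group/multicast MAC: switches flood these frames)"
            if answering:
                detail += "; host still answers ARP as " + ",".join(answering)
            findings[ip] = ("blocked", detail)
        else:
            findings[ip] = ("unknown", f"{mac} not in allowlist; run: " + " ".join(block_command(ip)))
    return findings


if __name__ == "__main__":
    for ip, (status, detail) in sorted(audit(SAMPLE_ARP, SAMPLE_ARPING, SAMPLE_ALLOWLIST).items()):
        print(f"{ip:16} {status:8} {detail}")
```

Run against the constructed samples, the script reports 192.168.57.10 as allowed, 192.168.57.20 as unknown with the `arp -S` command that would block it, and 192.168.57.90 as blocked with the note that a host is still answering ARP as 00:00:f0:87:4b:ca, which is exactly the discrepancy the message above observed.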