From owner-freebsd-questions Fri Mar 14 13:58:54 2003
Delivered-To: freebsd-questions@freebsd.org
From: Lowell Gilbert
Subject: Re: Arplookup - what gives ?
Date: 14 Mar 2003 16:58:49 -0500
In-Reply-To: <002301c2ea4f$c81301c0$0701a8c0@darryl>
Message-ID: <44adfxk3ty.fsf@be-well.ilk.org>

"Darryl Hoar" writes:

> I am running 4.7-stable on a box. It is my firewall, NAT box.
> ep0 is connected to my ISP's DSL. ep1 is connected to
> my internal private LAN. My internal LAN uses the private
> IP addresses 192.168.1.x. I have two machines on my
> internal LAN, not including the firewall box.
>
> I am getting
> /kernel arplookup failure: 10.1.1.1 not on local network.
>
> My ISP assigns a real IP to my ep0 interface using DHCP.
>
> What is causing this and how do I stop it? I have added a
> rule to block 10.x.x.x in, but it has not stopped the messages.

That kind of makes sense, because ARP isn't IP, and ipfw doesn't, so far as I can see, have a way to filter it specifically. I don't think that ARP packets even get to it, but I'm too lazy to go check right now.

> I can ping 10.1.1.1, and if I down ep0, I cannot ping 10.1.1.1.

That's ICMP, which *also* isn't -- exactly -- IP (but it's tied tightly enough to it that ipfw has special provisions for it).

> I have alerted my ISP to this problem (thought 10.x.x.x weren't
> supposed to be routed).

Unfortunately, it's not clear that they're doing anything wrong. They can route RFC 1918 addresses all they want, as long as they stay within their own network.

One thing you could do that I *think* would stop those messages is to put an alias on your outside network on the 10.1.x.x network. As long as you keep the IP block on those addresses, it shouldn't open up any vulnerabilities.

Incidentally, I think that these comments apply as well to ipfilter as to ipfw.

On the other hand, I've got to be overlooking something, because running multiple subnets on the same wire is a pretty common thing to do.
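Added example, not from the thread and not FreeBSD's own code: a short Python script that pulls the offending addresses out of arplookup failure messages like the one quoted above, flags which of them fall in RFC 1918 space, and checks each against a set of interface prefixes, so you can see on paper whether putting a 10.1.x.x alias on the outside interface (the reply's suggestion) would make the address count as on a configured local subnet. The log lines, the interface addresses and the alias are constructed; the prefix-containment test is a simplification standing in for the kernel's on-link check, not the kernel's logic.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines in the shape of the message quoted in the
# thread; they are not a real capture.
SAMPLE_LOG = """\
Mar 14 13:40:01 fw /kernel: arplookup failure: 10.1.1.1 not on local network
Mar 14 13:40:07 fw /kernel: arplookup failure: 10.1.1.1 not on local network
Mar 14 13:41:12 fw /kernel: arplookup failure: 10.1.7.254 not on local network
Mar 14 13:41:40 fw /kernel: arplookup failure: 198.51.100.7 not on local network
Mar 14 13:42:00 fw sshd[123]: Accepted publickey for lowell from 192.168.1.5
"""

# Tolerates the wording quoted in the thread and minor variations that keep
# "arplookup ... <addr> ... not on local network" in that order.
ARPLOOKUP_RE = re.compile(
    r"arplookup\b.*?(\d{1,3}(?:\.\d{1,3}){3}).*?not on local network")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed interface layout resembling the poster's: ep0 carries a made-up
# ISP-assigned public address (TEST-NET-3), ep1 the 192.168.1.0/24 LAN.
INTERFACES = {"ep0": ["203.0.113.42/24"], "ep1": ["192.168.1.1/24"]}

# The same box after adding a 10.1.x.x alias on ep0, as the reply suggests.
# The alias address itself is made up.
INTERFACES_WITH_ALIAS = {"ep0": ["203.0.113.42/24", "10.1.1.2/16"],
                         "ep1": ["192.168.1.1/24"]}


def parse_arplookup_failures(log_text):
    """Return the IPv4 addresses named in arplookup failure messages, in order."""
    addrs = []
    for line in log_text.splitlines():
        m = ARPLOOKUP_RE.search(line)
        if m:
            addrs.append(ipaddress.ip_address(m.group(1)))
    return addrs


def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 private blocks."""
    return any(addr in net for net in RFC1918)


def on_local_subnet(addr, interfaces):
    """Name the interface whose configured prefix (primary or alias) contains
    addr, or None. This prefix test stands in for the kernel's on-link check;
    it is a simplification, not the kernel's logic."""
    for ifname, prefixes in interfaces.items():
        for p in prefixes:
            if addr in ipaddress.ip_interface(p).network:
                return ifname
    return None


def summarize(log_text, interfaces):
    """Per offending address: message count, RFC 1918 membership, and the
    local interface it would match under the given configuration."""
    counts = Counter(parse_arplookup_failures(log_text))
    return {str(addr): {"count": n,
                        "rfc1918": is_rfc1918(addr),
                        "local_if": on_local_subnet(addr, interfaces)}
            for addr, n in counts.items()}


if __name__ == "__main__":
    for label, cfg in (("current", INTERFACES),
                       ("with alias", INTERFACES_WITH_ALIAS)):
        print(f"--- {label} ---")
        for addr, info in summarize(SAMPLE_LOG, cfg).items():
            print(f"{addr:>14}  x{info['count']}  rfc1918={info['rfc1918']}  "
                  f"local_if={info['local_if']}")
```

Run stand-alone it prints the report twice, once for the current layout and once with the alias; the `local_if` column is the only thing the alias changes. The inbound block on 10.x.x.x the poster already has stays relevant either way, which is the "keep the IP block on those addresses" condition in the reply.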