From: Jim Long
To: ea@sellinet.net
Cc: freebsd-isp@freebsd.org
Date: Sat, 10 Feb 2007 10:20:15 -0800
Subject: Re: [Strange behavior with arp permanent entries]

On Sat, Feb 10, 2007 at 07:33:30PM +0200, ea@sellinet.net wrote:
>
> I'm trying to restrict some LAN access by arp permanent entries. But it
> didn't work or it didn't work as I realize it. For example I have the
> following perm entries:
>
> user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
> user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
>
> And from what I realize if the user1 attempts to use user2's IP address.
> The Router should block all packets which are coming from wrong physical
> address. But actually that didn't happen and user1 can use user2's IP
> address without any problems.

Have you tried using 'staticarp' in this interface's ifconfig(8) settings?

If you turn on staticarp, you'll probably need to specify arp entries for
ALL hosts on that interface -- or at least, all the ones you care about.

HTH,

Jim
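
Added example, not part of the original message: a shell function that reads `arp -an`-style output and lists the learned (non-permanent) entries on one interface, i.e. the hosts that would still need a permanent entry before staticarp is turned on. The function names and the sample table are constructed; only the two permanent lines reuse the addresses from the post.

```shell
#!/bin/sh
# Added example: list hosts on one interface whose ARP entries are not
# permanent. Input is `arp -an`-style text on stdin.

# unpinned_hosts IFACE: print "IP MAC" for every learned (non-permanent)
# entry on IFACE. Incomplete entries carry no MAC and are skipped.
unpinned_hosts() {
    awk -v ifc="$1" '
    {
        ip = ""; mac = ""; dev = ""; perm = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\([0-9.]+\)$/)   ip = substr($i, 2, length($i) - 2)
            else if ($i == "at")        mac = $(i + 1)
            else if ($i == "on")        dev = $(i + 1)
            else if ($i == "permanent") perm = 1
        }
        if (dev == ifc && !perm && mac ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/)
            print ip, mac
    }'
}

# Constructed sample table (192.0.2.x are documentation addresses).
sample_arp_table() {
    cat <<'EOF'
? (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
? (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
? (192.0.2.10) at 02:00:00:aa:bb:01 on vlan804 expires in 1187 seconds [vlan]
? (192.0.2.11) at (incomplete) on vlan804 expired [vlan]
? (192.0.2.20) at 02:00:00:aa:bb:02 on vlan805 expires in 640 seconds [vlan]
EOF
}

# On the router itself: arp -an | unpinned_hosts vlan804
sample_arp_table | unpinned_hosts vlan804
```

Each pair it prints should be checked against the expected hardware address for that host before it is made permanent with `arp -s`.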