From owner-freebsd-ipfw@FreeBSD.ORG Thu Aug 25 18:09:48 2005
Return-Path:
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E055816A41F for ; Thu, 25 Aug 2005 18:09:48 +0000 (GMT) (envelope-from cdick@mail.ocis.net)
Received: from mail.ocis.net (mail.ocis.net [209.52.173.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6225A43D5D for ; Thu, 25 Aug 2005 18:09:48 +0000 (GMT) (envelope-from cdick@mail.ocis.net)
Received: from mail.ocis.net ([209.52.173.152]) by mail.ocis.net with esmtp (Exim 4.43) id 1E8MAd-0005QH-OM; Thu, 25 Aug 2005 11:09:47 -0700
Date: Thu, 25 Aug 2005 11:09:47 -0700 (PDT)
From: Colin Dick
To: lug@lug.kamloops.net, freebsd-ipfw@freebsd.org
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc:
Subject: Differences in arp requests FreeBSD vs Linux
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Aug 2005 18:09:49 -0000

Hey all,

My problem with my router dropping packets when moving to FreeBSD 4.11 from Linux appears to be related to arp. This router sits between my network and the upstream ADSL wholesale ports. I had thought that the upstream's Cisco was not advertising the customer local arps, but that does not appear to be the case. It must have been a (?broken?) function of Linux.

When I grep the who-has arp entries from tcpdump on Linux, I only see addresses to or from the sub-interfaces (gateways) of the box. When I grep the who-has arp entries from FreeBSD, I see the end users' local arps as well. With viruses and vulnerabilities the way they are, this increase in arps seems to be causing errors on the Cisco.

I used ipfw to shut down particular 'problem' users and blocked some udp ports (1434, 1026, 1027), which seems to help a bit, but I still couldn't stabilize. I had to go back to Linux.

So, my question is, what can be done to silently discard the customer local arps or emulate the way the Linux router is functioning with ipfw? Is there a kernel opt that I can set at bootup? Am I on the wrong track entirely?

Thanks in advance for any feedback. I am looking forward to getting this router replaced.

-- Colin
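The classification the poster did by hand (grepping `who-has` lines from tcpdump and checking whether either address is one of the router's gateway sub-interfaces), written out as an added example that is not part of the original mail. The gateway set and the tcpdump-style lines are constructed for illustration; the script counts the "customer local" requests (neither side is a gateway) and tallies which senders generate them, which is what you would use to size the extra ARP load and to spot the noisy hosts before deciding on a filter.

```python
import re
from collections import Counter

# Constructed example: the router's own sub-interface (gateway) addresses.
# On a real box, list the address of every VLAN/sub-interface here.
GATEWAYS = {"10.10.0.1", "10.10.1.1"}

# Constructed tcpdump-style lines (as from `tcpdump -n arp`); not real capture data.
SAMPLE_LINES = """\
11:09:47.000001 arp who-has 10.10.0.1 tell 10.10.0.25
11:09:47.000002 arp reply 10.10.0.1 is-at 00:11:22:33:44:55
11:09:47.000003 arp who-has 10.10.0.30 tell 10.10.0.25
11:09:47.000004 arp who-has 10.10.0.31 tell 10.10.0.25
11:09:47.000005 arp who-has 10.10.1.7 tell 10.10.1.1
11:09:47.000006 arp who-has 10.10.1.9 tell 10.10.1.200
"""

# Only ARP requests matter here; replies are ignored, as in the poster's grep.
WHO_HAS = re.compile(r"arp who-has (\S+) tell (\S+)")


def classify(line, gateways=GATEWAYS):
    """Return 'gateway' if the request involves a gateway address,
    'customer-local' if it is between two end-user hosts, None if not a request."""
    m = WHO_HAS.search(line)
    if not m:
        return None
    target, sender = m.group(1), m.group(2)
    if target in gateways or sender in gateways:
        return "gateway"
    return "customer-local"


def summarize(text, gateways=GATEWAYS):
    """Count requests per class and tally the senders of customer-local requests."""
    counts = Counter()
    noisy_senders = Counter()
    for line in text.splitlines():
        kind = classify(line, gateways)
        if kind is None:
            continue
        counts[kind] += 1
        if kind == "customer-local":
            noisy_senders[WHO_HAS.search(line).group(2)] += 1
    return counts, noisy_senders


if __name__ == "__main__":
    counts, noisy = summarize(SAMPLE_LINES)
    print(dict(counts))
    for sender, n in noisy.most_common():
        print(f"{sender}: {n} customer-local who-has")
```

On a live router, feed it `tcpdump -n -l arp` output instead of the constructed sample; a high customer-local share, concentrated on a few senders, matches the pattern the poster describes.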