Date: Thu, 19 Jan 2006 17:52:17 -0700
From: Jeff at NorrisTechs <jeff@norristechs.net>
To: "Edinilson J. Santos" <edinilson@atinet.com.br>
Cc: FreeBSD ISP <freebsd-isp@freebsd.org>
Subject: Re: ARP MESSAGES FILLING CONSOLE
Message-ID: <43D03441.6020702@norristechs.net>
In-Reply-To: <00b001c61b56$0fd3bd30$1d1de7c8@atinet.com.br>
References: <43CC3F2F.6090301@norristechs.net> <00b001c61b56$0fd3bd30$1d1de7c8@atinet.com.br>

Thanks.. saved me some frustration and also not filling up the syslog either.

------------------------------------------------------------------------
Jeff Norris
Web Hosting ~ VPN Solutions ~ Network Management ~ Design, deploy, kick ass.
NorrisTechs dot net
http://www.norristechs.net
AOL IM or Yahoo IM: ntshelper

Edinilson J. Santos wrote:

>Try to use in sysctl.conf
>
>net.link.ether.inet.log_arp_wrong_iface=0
>
>
>Edinilson
>---------------------------------------------------------
>ATINET-Professional Web Hosting
>Tel Voz: (0xx11) 4412-0876
>http://www.atinet.com.br
>
>
>----- Original Message -----
>From: "Jeff at NorrisTechs" <jeff@norristechs.net>
>To: "FreeBSD ISP" <freebsd-isp@freebsd.org>
>Sent: Monday, January 16, 2006 10:49 PM
>Subject: ARP MESSAGES FILLING CONSOLE
>
>
>
>Everyone,
>First off, no attitude or sarcasm g;
>
>After running BSD since 4.0 I have come to love the feature rich set it
>offers and stability as well.
>
>I have an interesting network situation. I have several BSD based
>servers which are multi-homed (Two Nics) one Nic faces the internet, the
>other faces a PRIVATE IP subnet and wireless DMZ. However since the
>internet router is also the end point for the wireless DMZ I get a
>barrage of ARP messages indicating that the private nic is receiving ARP
>for the public network and vice versa.
>
>Here's an ASCII drawing of what's going on. (example we will say that
>10.0.0.0/8 is the public side and 192.168.100.0/24 is the private side)
>
>(INTERNET) 10.0.0.0/8 (again an example)
> !
> !
> v
>
> ROUTER -----> (10.0.0.1/8)<-> WIRELESS (DMZ) 192.168.100.2/24 Connect
>to Client AP below
> ! BSD-1 10.0.0.200/8 (FXP0)
> !
> !
> 10.0.0.5/8
> (NAT BOX)
> !
> !
> ! BSD-1 192.168.100.200/24 (XL0)
> PRIVATE 192.168.100.24 (NAT IP for PC etc)
> !
> !--------(CLIENT AP) 192.168.100.5----------------^Connected to above AP
> (Wireline to client AP 192.168.1.0/24)
>
>
>Now BSD1 FXP0 (public) and XL0 (private) are connected together to
>common Layer network, not looped on a Layer2 level otherwise the network
>would crash, but both NICs are connected in a broadcast domain.
>If I down XL0 of course everything is cool, and no ARP messages, but the
>XL0 nic is used for management traffic.
>
>I could either put a router between the Client AP and the router-wireless
>DMZ or leave XL0 down.
>Move the client AP to the DMZ side and multinet the NAT box (already
>done this) but NAT gets in the way for several applications (remote
>server management)
>
>I would like to know if at all possible to disable ARP requests per NIC,
>make static entries that override any manual ARP request.
>
>
>
>
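
Added example, not part of the thread: setting `net.link.ether.inet.log_arp_wrong_iface=0` silences every wrong-interface ARP message, so this sketch tallies the messages already logged and lists any IP answered by more than one MAC, which is worth reviewing before the logging is turned off. The log line format, the function names and the sample lines (MAC addresses, hostname) are assumptions constructed for the example; only the sysctl name and the subnets come from the messages above.

```shell
#!/bin/sh
# Added example: tally "wrong interface" ARP messages before setting
# net.link.ether.inet.log_arp_wrong_iface=0, so unexpected senders are noticed.
# ASSUMED line format (the thread does not quote the messages):
#   ... arp: <ip> is on <ifA> but got reply from <mac> on <ifB>
LC_ALL=C; export LC_ALL   # byte-wise sort order, independent of locale

# Constructed sample lines: subnets follow the thread's example,
# MAC addresses and the hostname are made up.
sample_log() {
cat <<'EOF'
Jan 16 22:40:01 bsd1 kernel: arp: 10.0.0.1 is on fxp0 but got reply from 00:11:22:33:44:55 on xl0
Jan 16 22:40:03 bsd1 kernel: arp: 10.0.0.1 is on fxp0 but got reply from 00:11:22:33:44:55 on xl0
Jan 16 22:40:07 bsd1 kernel: arp: 192.168.100.5 is on xl0 but got reply from 00:aa:bb:cc:dd:ee on fxp0
Jan 16 22:41:10 bsd1 kernel: arp: 10.0.0.1 is on fxp0 but got reply from 00:de:ad:be:ef:01 on xl0
Jan 16 22:41:12 bsd1 sshd[812]: Accepted publickey for admin from 192.168.100.24
EOF
}

# stdin: syslog text. stdout: "count ip mac expected_if seen_if", sorted by ip, mac.
arp_wrong_iface_summary() {
    awk '
    / arp: .* is on .* but got reply from .* on / {
        # Locate the "arp:" token, then pick fields relative to it.
        for (i = 1; i <= NF; i++) if ($i == "arp:") break
        key = $(i+1) " " $(i+9) " " $(i+4) " " $(i+11)
        count[key]++
    }
    END { for (k in count) print count[k], k }' | sort -k2,2 -k3,3
}

# stdin: syslog text. stdout: IPs that were answered by more than one MAC.
arp_multi_mac_ips() {
    arp_wrong_iface_summary | awk '
        !pair[$2 " " $3]++ { macs[$2]++ }
        END { for (ip in macs) if (macs[ip] > 1) print ip }' | sort
}

# Demo on the sample; on a real host: arp_wrong_iface_summary < /var/log/messages
sample_log | arp_wrong_iface_summary
echo "IPs seen with more than one MAC:"
sample_log | arp_multi_mac_ips
```
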