Date: Mon, 17 Apr 2000 22:50:20 -0400 From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: miy <miyako@sakr.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: network replies causing system messages flooding Message-ID: <20000417225020.A52719@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.BSF.4.10.10004171838230.4331-100000@sakr.net>; from miyako@sakr.net on Mon, Apr 17, 2000 at 06:56:47PM -0400 References: <20000416212801.C48499@cc942873-a.ewndsr1.nj.home.com> <Pine.BSF.4.10.10004171838230.4331-100000@sakr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 17, 2000 at 06:56:47PM -0400, miy wrote: > On Sun, 16 Apr 2000, Crist J. Clark wrote: > > On Sun, Apr 16, 2000 at 01:22:06AM -0400, miy wrote: > > > > > > I originally had a windows box [10.0.0.2] connected to my cable connection > > > through a FreeBSD gateway running natd. I recently added a second windows > > > box to the network, and I it connects properly to the gateway, but I am > > > getting flooded by the following system message: > > > > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 > > > > > > My natd configuration is as follows: > > > /sbin/natd -s -n rl0 -redirect_port tcp 10.0.0.2:2121 2121 > > > /sbin/ipfw add 1000 divert 6668 ip from any to any via rl0 > > > /sbin/ipfw add 1002 divert 6668 ip from 10.0.0.2/24 to any via rl0 > > > > > > > > > #10.0.0.4 is the most recent windows box that was added to the network. > > > > Well, if it weren't for the fact that you say that the 10.0.0.4 host > > is on your net behind the NAT gateway, I would think that you > > connected the 10.0.0.4 machine on the rl0 interface. Just to be safe, > > how do you have the network physically configured? You don't have both > > NICs on the gateway plugged into one hub or something like that, > > right? > > > > It could be that someone else on your cable LAN is leaking RFC 1918 > > addresses, and they make it over the modem to your machine. The modems > > should not do that, but the idea of a poorly configured ISP, even a > > coax cable one, never shocks me. > > > My network is configured with the cable modem connected to my FreeBSD > gateway machine (into rl0). The FreeBSD machine's second card (ed1) is > connected to my hub's uplink. The two windows boxes (10.0.0.2 & 10.0.0.4) > are connected directly to the hub. Just a tiny point, if all of the devices connected to this hub are NICs, you should not need to use an "uplink" port. > I don't completely understand what leaking RFC 1918 addresses are. > Are these essentially leaked packets from my ISP's local subnet (other > machines in my district) that are being collected by my gateway from the > cable modem? Are these causing the problem or is it an issue of my > physical configuration? That packets from other machines could be reaching your NAT gateway from the external net is a _possibility._ However, it is very suspicious that the address happens to be one you are trying to use. > My system message buffer now has 10 pages or so worth of: > arp: 10.0.0.4 is on ed1 but got reply from 00:80:c8:e8:ea:d7 on rl0 Have you identified the piece of hardware associated with 00:80:c8:e8:ea:d7? Use this command, % arp -a FYI, it's a piece of D-Link hardware. Also, what is the configuration of each interface (output of 'ifconfig interface' for both)? -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000417225020.A52719>