From owner-freebsd-security Tue Oct 16 23:58:37 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <000f01c156d9$152988a0$07faa8c0@zeppelin>
From: "Scott Lampert"
Subject: Bridging Firewall - 3 interfaces - arp issue
Date: Tue, 16 Oct 2001 23:58:10 -0700

I have a box I've set up as a bridging firewall with ipfw. It has 3 interfaces - two are bridged, without IP addresses, and the third has an IP address and is connected to the inside network. Basically it looks like this:

     ************
     * Internet *
     **+*********
       |  192.168.1.1/24
       |
       |
       |  bridge outside
       |
    +--+-----------+  192.168.1.2/24
    | Firewall Box +-----+
    +--+-----------+     |
       |  bridge inside  |
       |                 |
       |               +-+-------+
       +---------------| Switch  |
                       +---------+

I hope the poor ASCII art helps rather than hinders. :)

In any event, I've noticed after running the firewall for a few hours that I start getting the following messages in my dmesg output:

    arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
    xx ouch, bdg_forward for local pkt

The box is complaining about the third interface saying it has the IP it's supposed to have. For some reason the box doesn't realize that its own interface is answering arps correctly. Is this normal behavior or have I misconfigured something? Do I need to add the third interface to the bridge configuration?

-Scott