Date: Wed, 17 Sep 2003 02:58:28 +0800
From: "Andrew Chan" <achan@achan.com>
To: <freebsd-ipfw@freebsd.org>
Subject: ARP not working on interface that does not have an IP
Message-ID: <000c01c37c84$84017080$4d00a8c0@mickey>

My description is lengthy but believe me, it is a "simple" problem.

Greetings,

I am trying to insert a FreeBSD Bridging Firewall into an existing office broadband network.

[[ ADSL modem / router (doubles as a NAT box) ]] <===> [[ "rl0" FreeBSD "rl1" ]] <===> [[ office LAN switch ]]

"rl0" is connected to the outside ADSL box and "rl1" is connected to the internal office LAN switch.

The ADSL box has an IP of 192.168.0.1 and is the default router for everybody. "rl1" has an IP of 192.168.0.2 while "rl0" does not have an IP configured.

I have 99% of everything working, including the passing of ARP (I am running ipfw2 on 5.1R). The PCs on the office internal LAN can connect to the outside world with no problem whatsoever.

The only problem is "rl0" doesn't seem to be able to look up the MAC address of 192.168.0.1 (the ADSL router) through ARP and that means any TCP/IP connections I initiate on the FreeBSD box to the outside world fail.

? (192.168.0.1 at (incomplete) on rl1 [ethernet]

Looks like the system is expecting the ARP entry to come from rl1 while it should have been from rl0.

I ran tcpdump on "rl0" and saw both the outgoing ARP requests from the FreeBSD box and the ARP replies from 192.168.0.1. It is just that the FreeBSD box never seems to get the ARP replies. This problem stays the same even when I run an "open" firewall so I am quite sure it is not something about the rules.

If I give "rl0" an IP address and leave "rl1" without one then the problem is reversed, i.e. "rl1" cannot get any ARP stuff going.

I also tried to give "rl0" an IP address of 192.168.0.3 but "ifconfig" wouldn't take it, complaining about:

ifconfig: ioctl (SIOCAIFADDR): File exists

I also tried to give "rl0" an IP address from another subnet (just to fake it), say 192.168.1.1, but then FreeBSD complained that the ARP replies of 192.168.0.1 were coming from the "wrong interface". It was expecting them to come from "rl1" (which is in the network range of 192.168.0.0) instead of from "rl0" (which is NOT in the network range of 192.168.0.0).

I think I have exhausted my experience here and would really appreciate some help.

Many thanks!

Andrew