From owner-freebsd-isp@FreeBSD.ORG  Thu Mar  1 15:37:25 2007
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5373916A404
	for <freebsd-isp@freebsd.org>; Thu,  1 Mar 2007 15:37:25 +0000 (UTC)
	(envelope-from msgs_for_me@mail.ru)
Received: from mx7.mail.ru (mx7.mail.ru [194.67.23.27])
	by mx1.freebsd.org (Postfix) with ESMTP id 1351813C461
	for <freebsd-isp@freebsd.org>; Thu,  1 Mar 2007 15:37:25 +0000 (UTC)
	(envelope-from msgs_for_me@mail.ru)
Received: from [80.244.229.35] (port=26145 helo=VLADIMIR)
	by mx7.mail.ru with asmtp id 1HMnLM-000Ogf-00
	for freebsd-isp@freebsd.org; Thu, 01 Mar 2007 18:37:20 +0300
X-Nat-Received: from [192.168.1.110]:1143 [ident-empty]
	by smtp-proxy.vltele.com with TPROXY id 1172763250.12586
Date: Thu, 1 Mar 2007 18:35:19 +0300
From: Vladimir Kapustin <msgs_for_me@mail.ru>
X-Mailer: The Bat! (v3.85.03) Professional
Organization: vltele.com
X-Priority: 3 (Normal)
Message-ID: <1422719080.20070301183519@mail.ru>
To: freebsd-isp@freebsd.org
References: 20070210182015.GA9234@ns.umpquanet.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: [Strange behavior with arp permanent entries]
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Vladimir Kapustin <msgs_for_me@mail.ru>
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2007 15:37:25 -0000

>> On Sat, Feb 10, 2007 at 07:33:30PM +0200, ea at sellinet.net wrote:
>>>
>>> I'm trying to restrict some LAN access by arp permanent entries. But it
>>> didn't work or it didn't work as I realize it. For example I have the
>>> following perm entries:
>>>
>>> user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
>>> user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
>>>
>>> And from what I realize if the user1 attempts to use user2's IP address.
>>> The Router should block all packets which coming from wrong physical
>>> address. But actually that didn't happen and user1 can use user2's IP
>>> address without any problems.
>>
>> Have you tried using 'staticarp' in this interface's ifconfig(8)
>> settings?  If you turn on staticarp, you'll probably need to specify
>> arp entries for ALL hosts on that interface -- or at least, all the
>> ones you care about.
>>
>
>
>Yea, I tried but the situation is the same as it was without
>staticarp..Any other ideas?

May I ask you a question?
Have you already read this?
http://lists.freebsd.org/pipermail/freebsd-net/2007-February/013239.html