From: Erik Norgaard
Date: Wed, 27 Feb 2008 10:00:54 +0100
To: Maechler Philippe
Cc: freebsd-questions@freebsd.org
Subject: Re: ARP Messages

Maechler Philippe wrote:
>>>  -------------
>>> |   server    |      switch      switch
>>> |192.168.3.222|----[(3.x/24)]--[(3.x/24)]
>>> |80.242.192.80|bge1                 |
>>>  -------------                      |
>>>       |bge0                         -------------------
>>>       |                                               |
>>>   [switch]----[Gateway 80.242.192.65]---[INTERNET]    |
>>>       |                                               |
>>>       |                                               |
>>>   [switch]                                            |
>>>       |                                               |
>>>       |bge0                                           |
>>> ---------------------------------                     |
>>> | 80.242.192.81 00:19:bb:25:7b:63|                    |
>>> | 192.168.3.226 00:19:bb:25:7b:64|--------------------
>>> ---------------------------------
>> Do you see the same loop as I do?
>>
>> Request goes out on one interface, response comes back on the other -
>> pretty much what the message says.
>>
>
> Yes I see the loop, the error messages make sense but don't
> understand it :/
> I set up extra routes for the private network so how can a packet
> from the public interface arrive at a private one?
>
> I'll recheck the cabling, the routes on the servers and the
> switch they're connected to and give you feedback here

Well, it appears to me that you are on the wrong box to solve the
problem. The server sends an error message as it should.

What happens is that your unnamed box receives an arp request on its
bge0 interface, but sends the response on its bge1 interface. You can use
snort to listen for arp packets to see what's going on.

I do not know why you have created a loop, with correct routing and
firewall there should be no need for a loop. The easy solution is to
pull a cable - either one on that unnamed box.

Cheers, Erik
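The check described in the reply above, written out as an added example that is not part of the original message: it pairs each ARP request with its reply and reports replies seen on a different interface than the request. It assumes `tcpdump -e -n arp` style lines (tcpdump standing in for the snort suggestion) with the capture interface prepended to each line; the sample capture, the server MAC addresses and the function name are constructed.

```python
import re

# Constructed sample: `tcpdump -e -n arp` style lines captured on the unnamed
# box, each prefixed with the capture interface. Server MACs are hypothetical.
SAMPLE = """\
bge0 10:00:01.000001 00:0a:0b:0c:0d:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 80.242.192.81 tell 80.242.192.80, length 46
bge1 10:00:01.000090 00:19:bb:25:7b:64 > 00:0a:0b:0c:0d:01, ethertype ARP (0x0806), length 42: Reply 80.242.192.81 is-at 00:19:bb:25:7b:64, length 28
bge1 10:00:05.000001 00:0a:0b:0c:0d:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.3.226 tell 192.168.3.222, length 46
bge1 10:00:05.000080 00:19:bb:25:7b:64 > 00:0a:0b:0c:0d:02, ethertype ARP (0x0806), length 42: Reply 192.168.3.226 is-at 00:19:bb:25:7b:64, length 28
"""

REQ = re.compile(r"^(\S+) .*: Request who-has (\S+) tell (\S+),")
REP = re.compile(r"^(\S+) .*: Reply (\S+) is-at ([0-9a-f:]{17}),")

def cross_interface_replies(capture):
    """Return (ip, request_iface, reply_iface, mac) for each ARP reply that
    was seen on a different interface than the request it answers."""
    asked_on = {}   # target IP -> interface the latest request arrived on
    findings = []
    for line in capture.splitlines():
        m = REQ.match(line)
        if m:
            iface, target, _asker = m.groups()
            asked_on[target] = iface
            continue
        m = REP.match(line)
        if m:
            iface, ip, mac = m.groups()
            req_iface = asked_on.pop(ip, None)
            # Unsolicited replies (no matching request) are ignored here.
            if req_iface is not None and req_iface != iface:
                findings.append((ip, req_iface, iface, mac))
    return findings

if __name__ == "__main__":
    for ip, rq, rp, mac in cross_interface_replies(SAMPLE):
        print(f"{ip}: request on {rq}, reply sent on {rp} from {mac}")
```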