Date: Thu, 25 Feb 1999 21:59:31 -0500 From: David Tichbourne <david@compusyssolutions.com> To: Joao Carlos Mendes Luis <jonny@jonny.eng.br> Cc: freebsd-net@FreeBSD.ORG Subject: Re: ARP is not my friend. Message-ID: <36D60E13.2BE08018@compusyssolutions.com> References: <199902222111.SAA02350@roma.coe.ufrj.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the info! I suspect something is not configured properly in my firewall! I have a list of the ether address of all machines and a log of all the times that this arp problem happens. The ethernet address are not on my network hehe... I did an arp -a when arp was reset and it looked like it was coming from a tci.56k....com machine down in th the states. I am on "the wave" - cable modem up in Canada. Perhaps there is another poor fellow out there with similar problems as me... Joao Carlos Mendes Luis wrote: > #define quoting(David Tichbourne) > // Every so often my firewall machine seems to > // behave like an arp proxy, which I don't want. > > arp proxy ? In the O'reilly book TCP/IP Network Admin. book by Craig Hunt, there is some discussion about ARP_PROXYALL options in the basic BSD kernel config. ...on page 114 "Proxy ARP is a variant on the standard protocol in which a server answers the ARP request for its clients. Here's how it works. Host A sends out an ARP request for the Ethernet address of host B. The proxy ARP server, C, hears the request and sends an ARP response back to A claiming that C's Ethernet address is the address of host B. A then sends traffic intended for B to C because it uses C's Ethernet address. C is therefore responsible for forwarding the traffic on to B. The proxy ARP server is usually a router and proxy ARP is used as a means of forwarding traffic between systems that cannot use normal routing for that traffic" I am not sure I understand all that but this is the only reference I found similar to the type of problem I am having. The possibility of my firewall not being configured properly sure comes to mind... > > > // On my firewall console I get messages > // like: > // > // > // .... /kernel: arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to > // 00:00:b4:87:00:98 > // > // later things seem to "reset" back to > // > // ..... /kernel: arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to > // 08:00:07:a6:f7:74 > > You probably have another machine on the same IP. Double check every > machine. Do you have an ether address list of every machine ? Yes here is a log of the problems.... this is coming off my firewall which faces the internet with one NIC and the other NIC faces my basement LAN the inside NIC's IP address is 192.168.0.4 and my other computers on my private LAN are 192.168.0.1, 2 and 3 192.168.0.3 is the ...:64 address 192.168.0.1 is the ...:98 address day 1 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:e0:29:31:28:27 > arp: 192.168.0.1 moved from 00:e0:29:31:28:27 to 00:00:b4:87:00:98 day2 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 day 3 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:aa:00:14:b0:a4 > arp: 192.168.0.1 moved from 00:aa:00:14:b0:a4 to 00:00:b4:87:00:98 another Day 3 (I cant count past 3) > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 00:20:e0:0f:8c:40 > arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.1 moved from 00:80:c8:3a:5b:d4 to 08:00:07:a6:f7:74 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:80:c8:3a:5b:d4 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:20:e0:0f:8c:40 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 00:20:e0:0f:8c:40 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:20:e0:0f:8c:40 to 00:80:c8:3a:5b:d4 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 08:00:07:a6:f7:74 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 00:00:b4:87:00:98 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.4 moved from 00:80:c8:3a:5b:d4 to 00:00:21:6a:a9:5d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.4 moved from 00:00:21:6a:a9:5d to 00:80:c8:3a:5b:d4 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.1 moved from 08:00:07:a6:f7:74 to 00:00:21:6a:a9:5d > arp: 192.168.0.1 moved from 00:00:21:6a:a9:5d to 00:00:b4:87:00:98 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 08:00:07:a6:f7:74 > arp: 192.168.0.1 moved from 00:00:b4:87:00:98 to 08:00:07:a6:f7:74 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.2 moved from 00:00:c0:f4:33:b4 to 00:80:c8:3a:0b:55 > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > arp: 192.168.0.3 moved from 00:a0:24:4b:ba:64 to 00:00:21:66:5d:8d > arp: 192.168.0.3 moved from 00:00:21:66:5d:8d to 00:a0:24:4b:ba:64 > > > // this also happens to my second machine 192.168.0.3 machine as well > // (different ethernet addresses of course) > // > // 192.168.0.1 and 0.3 are behind my firewall and when arp reconfigures > // their ethernet addresses > // they obviously can see the outside world through the firewall. > I MEANT TO SAY they obviously can't see the outside world through the firewall. > Why ? Does your firewall filter by mac address ??? I will follow up with trying to identify the proper ipfw rule that prevents arp request from coming into my private network across the firewall. THANKS again for the advice and for taking the time to think about this!! Dave. > > > Jonny > > -- > Joao Carlos Mendes Luis M.Sc. Student > jonny@jonny.eng.br Universidade Federal do Rio de Janeiro > "This .sig is not meant to be politically correct." > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36D60E13.2BE08018>