Date: Tue, 16 Oct 2001 23:58:10 -0700
From: "Scott Lampert" <scott@lampert.org>
To: <security@freebsd.org>
Subject: Bridging Firewall - 3 interfaces - arp issue
Message-ID: <000f01c156d9$152988a0$07faa8c0@zeppelin>

I have a box I've set up as a bridging firewall with ipfw. It has 3 interfaces - two are bridged, without IP addresses, and the third has an IP address and is connected to the inside network. Basically it looks like this:

    ************
    * Internet *
    **+********
      |              192.168.1.1/24
      |
      |
      | bridge outside
      |
    +--+-------+     192.168.1.2/24
    | Firewall Box   +-----+
    +--+-------+           |
       | bridge inside     |
       |                   |
       |
     +-+-------+
     +-----------| Switch |
     +--------- +

I hope the poor ascii art helps rather than hinders. :)

In any event, I've noticed after running the firewall for a few hours that I start getting the following message in my dmesg output:

    arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
    xx ouch, bdg_forward for local pkt

The box is complaining about the third interface saying it has the IP it's supposed to have. For some reason the box doesn't realize that its own interface is answering arps correctly. Is this normal behavior or have I misconfigured something? Do I need to add the third interface to the bridge configuration?

-Scott
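
Added example, not part of the original message: a triage script for the "is using my IP address" lines quoted above, separating conflicts where the claiming MAC is one of the host's own interfaces (the case described in the message) from conflicts caused by another station. The interface names, the MAC table and the third sample log line are assumptions constructed for the example.

```python
import re

# Format taken from the dmesg line quoted in the message above.
ARP_CONFLICT = re.compile(
    r"arp: (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) is using my IP address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})!",
    re.IGNORECASE,
)

def norm_mac(mac):
    """Normalise a MAC so '0:aa:..' and '00:AA:..' compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def classify_arp_conflicts(dmesg_text, local_macs):
    """Return (mac, ip, verdict, interface) for every ARP conflict line.

    local_macs maps interface name -> MAC of this host's own NICs.
    verdict is 'self' when the claimed MAC is one of ours (the host is
    seeing its own ARP traffic, as in the message) and 'foreign' when
    another station claims the address (duplicate IP or ARP spoofing).
    """
    owners = {norm_mac(mac): ifname for ifname, mac in local_macs.items()}
    findings = []
    for line in dmesg_text.splitlines():
        m = ARP_CONFLICT.search(line)
        if not m:
            continue  # e.g. the bdg_forward line, which carries no MAC
        mac = norm_mac(m.group("mac"))
        ifname = owners.get(mac)
        verdict = "self" if ifname else "foreign"
        findings.append((mac, m.group("ip"), verdict, ifname))
    return findings

# Constructed sample: the first two lines are quoted from the message,
# the third is invented to show the 'foreign' case.
SAMPLE_DMESG = """\
arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
xx ouch, bdg_forward for local pkt
arp: 00:11:22:33:44:55 is using my IP address 192.168.1.2!
"""
# Hypothetical interface names and MACs; fxp2 stands for the third interface.
LOCAL_MACS = {"fxp0": "00:aa:bb:cc:dd:01", "fxp1": "00:aa:bb:cc:dd:02",
              "fxp2": "00:AA:BB:CC:DD:EE"}

if __name__ == "__main__":
    for finding in classify_arp_conflicts(SAMPLE_DMESG, LOCAL_MACS):
        print(finding)
```

A 'self' verdict points at the host's own topology or bridge configuration; a 'foreign' verdict is the one worth alerting on.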