Date: Wed, 3 Jan 2001 01:33:34 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "Weert de G.H. Gert" <gert.de.weert@travelunie.nl>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Arp messages, probably nothing to worry about...
Message-ID: <20010103013334.C95729@rfx-64-6-211-149.users.reflexco>
In-Reply-To: <003301c0755c$1d3f42a0$04470096@C01076>; from gert.de.weert@travelunie.nl on Wed, Jan 03, 2001 at 09:06:45AM +0100
References: <003301c0755c$1d3f42a0$04470096@C01076>

On Wed, Jan 03, 2001 at 09:06:45AM +0100, Weert de G.H. Gert wrote:
>
> Can anyone explain to me what causes these messages?
>
> ep0 is connected to a lan, ep1 is my connection to @home.

Most of the time this happens when someone plugs two NICs into one
collision domain. It does not look like you have done this. Good.

Ouch, some ugly linewrapping happened somewhere

> ; ------------------------------
> Dec 28 11:46:49 obelix /kernel: arp: unknown hardware address format
> (0x0800)

Harmless. Someone is sending out ARP messages FreeBSD does not
understand, but it does not need to.

> Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got
> reply from 00
> :10:5a:dc:21:cb on ep1

Since the MAC address is different from the one off of ep0 and also
different from the next one, my best guess is some other luzer on your
LAN has plugged his "private" network into a hub along with the
connection to his cable modem. His "private" network is part of the
public LAN.

> Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got
> reply from 00
> :00:c5:76:db:1e on ep1

Oy. Looks like you have more than one winner out there with a
misconfigured home LAN.

> Dec 28 13:59:22 obelix /kernel: arp: 192.168.1.1 is on lo0 but got
> reply from 00
> :10:5a:dc:21:cb on ep1
> Dec 28 13:59:22 obelix /kernel: arp: 192.168.1.1 is on lo0 but got
> reply from 00
> :00:c5:76:db:1e on ep1

That looks scary with those lo0's out there. These are the same two
MACs that we see above... Hmmm... Something else strange might be
going on.

> Dec 28 15:18:23 obelix /kernel: arp: unknown hardware address format
> (0x0800)
>
> ; ------------------------------
> [root@obelix] /var/log # arp -a
> obelix.wnw.org (192.168.1.1) at 0:50:4:1a:ab:a0 permanent [ethernet]
> asterix.wnw.org (192.168.1.2) at (incomplete) [ethernet]
> idefix.wnw.org (192.168.1.3) at 0:60:8c:df:c5:2 [ethernet]
> ? (192.168.1.255) at ff:ff:ff:ff:ff:ff permanent [ethernet]
> ? (213.51.104.1) at 0:50:f:a9:a0:1c [ethernet]

And this MAC is different from the two above. Looks like your cable
modem is acting like a real bridge. What kind is it?

> ; ------------------------------
> [root@obelix] /var/log # ifconfig -a
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:50:04:1a:ab:a0
>         media: 10baseT/UTP
>         supported media: 10baseT/UTP
> ep1: flags=c843<UP,BROADCAST,RUNNING,SIMPLEX,LINK2,MULTICAST> mtu 1500
>         inet 213.51.104.92 netmask 0xfffff800 broadcast 213.51.111.255
>         ether 00:60:08:d4:12:9d
>         media: 10baseT/UTP
>         supported media: 10base2/BNC 10baseT/UTP
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>
> ; ------------------------------
> [root@obelix] /var/log # netstat -r
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif
> Expire
> default            213.51.104.1       UGSc       46  1943506      ep1
> localhost          localhost          UH          1    55422      lo0
> 192.168.1          link#1             UC          0        0      ep0
> =>
> obelix             0:50:4:1a:ab:a0    UHLW        1   130527      lo0
> asterix            link#1             UHLW        1  1925292      ep0
> =>
> idefix             0:60:8c:df:c5:2    UHLW        1      966      ep0
> 218
> 192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       3    10133      ep0
> 213.51.104/21      link#2             UC          0        0      ep1
> =>
> 213.51.104.1       0:50:f:a9:a0:1c    UHLW       46        0      ep1
> 1199

Everything else seems to look OK. Ignore the unknown address
formats. As for the other issues, there is the potential for that to
make trouble, but most likely those messages will be the worst
effect. If it is someone leaking the RFC1918 addresses onto the LAN,
you can try to get them to stop or try to get the ISP to do something,
but that will probably take considerable effort. It would probably be
easier to just pick up your 192.168.1.0/24 net and move it to a less
used block, 192.168.31.0, 192.168.214.0, etc. if that is the problem.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
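An added example, not part of the original message: a small Python parser for the "is on X but got reply from MAC on Y" kernel lines quoted above, grouping them by replying MAC so that the same hardware address answering for several local addresses stands out. The sample lines are the ones from the quoted log with the line wrapping rejoined; the function names are hypothetical.

```python
import re
from collections import defaultdict

# FreeBSD kernel message: "arp: <ip> is on <ifA> but got reply from <mac> on <ifB>"
ARP_MISMATCH = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<home>\w+) "
    r"but got reply from (?P<mac>[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}) on (?P<seen>\w+)",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Zero-pad each octet so 0:50:4:... and 00:50:04:... compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def summarize(lines):
    """Map each replying MAC to the set of (ip, home_if, seen_if) it answered for."""
    by_mac = defaultdict(set)
    for line in lines:
        m = ARP_MISMATCH.search(line)
        if m:  # other arp messages (e.g. unknown hardware address format) are skipped
            by_mac[normalize_mac(m["mac"])].add((m["ip"], m["home"], m["seen"]))
    return dict(by_mac)

def multi_ip_responders(by_mac):
    """MACs that answered for more than one local address, the pattern the
    reply notices when the same two MACs show up again for 192.168.1.1."""
    return sorted(mac for mac, hits in by_mac.items()
                  if len({ip for ip, _, _ in hits}) > 1)

# Lines from the quoted log, wrapping rejoined.
SAMPLE_LOG = """\
Dec 28 11:46:49 obelix /kernel: arp: unknown hardware address format (0x0800)
Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:10:5a:dc:21:cb on ep1
Dec 28 13:31:12 obelix /kernel: arp: 192.168.1.3 is on ep0 but got reply from 00:00:c5:76:db:1e on ep1
Dec 28 13:59:22 obelix /kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:10:5a:dc:21:cb on ep1
Dec 28 13:59:22 obelix /kernel: arp: 192.168.1.1 is on lo0 but got reply from 00:00:c5:76:db:1e on ep1
""".splitlines()

if __name__ == "__main__":
    table = summarize(SAMPLE_LOG)
    for mac in multi_ip_responders(table):
        for ip, home, seen in sorted(table[mac]):
            print(f"{mac} on {seen} answered for {ip} (configured on {home})")
```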