ARP MESSAGES FILLING CONSOLE
Jeff at NorrisTechs
jeff at norristechs.net
Thu Jan 19 16:52:20 PST 2006
Thanks.. saved me some frustration and also not filling up the syslog
either.
------------------------------------------------------------------------
Jeff Norris
~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass.
NorrisTechs dot net
http://www.norristechs.net
AOL IM or Yahoo IM: ntshelper
Edinilson J. Santos wrote:
>Try to use in sysctl.conf
>
>net.link.ether.inet.log_arp_wrong_iface=0
>
>
>Edinilson
>---------------------------------------------------------
>ATINET-Professional Web Hosting
>Tel Voz: (0xx11) 4412-0876
>http://www.atinet.com.br
>
>
>----- Original Message -----
>From: "Jeff at NorrisTechs" <jeff at norristechs.net>
>To: "FreeBSD ISP" <freebsd-isp at freebsd.org>
>Sent: Monday, January 16, 2006 10:49 PM
>Subject: ARP MESSAGES FILLING CONSOLE
>
>
>
>Everyone,
>First off, no attitude or sarcasm g;
>
>After running BSD since 4.0 I have come to love the feature rich set it
>offers and stability as well.
>
>I have an interesting network situation. I have several BSD based
>servers which are multi-homed (two NICs): one NIC faces the internet, the
>other faces a PRIVATE IP subnet and wireless DMZ. However, since the
>internet router is also the end point for the wireless DMZ, I get a
>barrage of ARP messages indicating that the private NIC is receiving ARP
>for the public network and vice versa.
>
>Here's an ASCII drawing of what's going on. (example we will say that
>10.0.0.0/8 is the public side and 192.168.100.0/24 is the private side)
>
>(INTERNET) 10.0.0.0/8 (again an example)
> !
> !
> v
>
> ROUTER -----> (10.0.0.1/8)<-> WIRELESS (DMZ) 192.168.100.2/24 Connect
>to Client AP below
> ! BSD-1 10.0.0.200/8 (FXP0)
> !
> !
> 10.0.0.5/8
> (NAT BOX)
> !
> !
> ! BSD-1 192.168.100.200/24 (XL0)
> PRIVATE 192.168.100.24 (NAT IP for PC etc)
> !
> !--------(CLIENT AP) 192.168.100.5----------------^Connected to above AP
> (Wireline to client AP 192.168.1.0/24)
>
>
>Now BSD1 FXP0 (public) and XL0 (private) are connected together to
>common Layer network, not looped on a Layer2 level otherwise the network
>would crash, but both NICs are connected in a broadcast domain.
>If I down XL0 of course everything is cool, and no ARP messages, but the
>XL0 NIC is used for management traffic.
>
>I could either put a router between the Client AP and the router-wireless
>DMZ or leave XL0 down.
>Move the client AP to the DMZ side and multinet the NAT box (already
>done this) but NAT gets in the way for several applications (remote
>server management)
>
>I would like to know if at all possible to disable ARP requests per NIC,
>make static entries that override any manual ARP request.
>
>
>
>