ARP MESSAGES FILLING CONSOLE

Jeff at NorrisTechs jeff at norristechs.net
Thu Jan 19 16:52:20 PST 2006


Thanks.. saved me some frustration and also not filling up the syslog 
either.

------------------------------------------------------------------------

*/Jeff Norris/*
/~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass. /
*N*orris*Techs* dot net
http://www.norristechs.net
*AOL IM or Yahoo IM: _ ntshelper _*



Edinilson J. Santos wrote:

>Try to use in sysctl.conf
>
>net.link.ether.inet.log_arp_wrong_iface=0
>
>
>Edinilson
>---------------------------------------------------------
>ATINET-Professional Web Hosting
>Tel Voz: (0xx11) 4412-0876
>http://www.atinet.com.br
>
>
>----- Original Message ----- 
>From: "Jeff at NorrisTechs" <jeff at norristechs.net>
>To: "FreeBSD ISP" <freebsd-isp at freebsd.org>
>Sent: Monday, January 16, 2006 10:49 PM
>Subject: ARP MESSAGES FILLING CONSOLE
>
>
>
>Everyone,
>First off, no attitude or sarcasm g;
>
>After running BSD since 4.0 I have come to love the feature rich set it 
>offers and stability as well.
>
>I have an interesting network situation.  I have several BSD based 
>servers which are multi-homed (two NICs): one NIC faces the internet, the 
>other faces a PRIVATE IP subnet and wireless DMZ.  However since the 
>internet router is also the end point for the wireless DMZ I get a 
>barrage of ARP messages indicating the private NIC is receiving ARP 
>for the public network and vice versa.
>
>Here's an ASCII drawing of what's going on. (example we will say that 
>10.0.0.0/8 is the public side and 192.168.100.0/24 is the private side)
>
>(INTERNET)  10.0.0.0/8  (again an example)
>    !
>    !
>    v
>
> ROUTER -----> (10.0.0.1/8)<-> WIRELESS (DMZ)  192.168.100.2/24 Connect 
>to Client AP below
>    !  BSD-1  10.0.0.200/8 (FXP0)
>    !
>    !
> 10.0.0.5/8
>  (NAT BOX)
>   !
>   !
>   ! BSD-1  192.168.100.200/24  (XL0)
> PRIVATE 192.168.100.24 (NAT IP for PC etc)
>  !
>  !--------(CLIENT AP) 192.168.100.5----------------^Connected to above AP
>  (Wireline to client AP 192.168.1.0/24)
>
>
>Now BSD1  FXP0 (public) and XL0 (private) are connected together to 
>common Layer network, not looped on a Layer2 level otherwise the network 
>would crash, but both NICs are connected in a broadcast domain.
>If I down XL0 of course everything is cool, and no ARP messages, but the 
>XL0 NIC is used for management traffic.
>
>I could either put a router between the Client AP and the router-wireless 
>DMZ or leave XL0 down.
>Move the client AP to the DMZ side and multinet the NAT box (already 
>done this) but NAT gets in the way for several applications (remote 
>server management)
>
>I would like to know if at all possible to disable ARP requests per NIC, 
>make static entries that override any manual ARP request.
>
>
>  
>

