Differences in arp requests FreeBSD vs Linux
Colin Dick
cdick at mail.ocis.net
Thu Aug 25 18:09:49 GMT 2005
Hey all,

My problem with my router dropping packets when moving to FreeBSD
4.11 from Linux appears to be related to arp. This router sits between my
network and the upstream ADSL wholesale ports. I had thought that the
upstream's Cisco was not advertising the customer local arps but that does
not appear to be the case. It must have been a (?broken?) function of
Linux.

When I grep the who-has arp entries from tcpdump on Linux, I only
see addresses to or from the sub-interfaces (gateways) of the box.

When I grep the who-has arp entries from FreeBSD, I see the end
users' local arps as well. With viruses and vulnerabilities the way they
are, this increase in arps seems to be causing errors on the Cisco.

I used ipfw to shut down particular 'problem' users and block
some udp ports (1434, 1026, 1027), which seems to help a bit, but I still
couldn't stabilize. I had to go back to Linux.

So, my question is, what can be done to silently discard the
customer local arps or emulate the way the Linux router is functioning
with ipfw? Is there a kernel opt that I can set at bootup? Am I on the
wrong track entirely?

Thanks in advance for any feedback. I am looking forward to
getting this router replaced.
--
Colin
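
An added example, not part of the original post: one way to quantify the comparison described above, by splitting the who-has lines from tcpdump text output into requests that involve a router gateway address and customer-local requests, and counting the customer-local ones per asking host. The gateway addresses and the capture lines are constructed (documentation address ranges), and `classify_arp` is a hypothetical helper name.

```python
import re
from collections import Counter

# Matches both the older ("arp who-has A tell B") and the newer
# ("ARP, Request who-has A tell B, length 28") tcpdump text output.
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
WHO_HAS = re.compile(r"who-has\s+" + IPV4 + r".*?tell\s+" + IPV4)


def classify_arp(lines, gateways):
    """Return (counts, local_askers).

    counts       -- who-has requests split into 'gateway' (target or asker
                    is one of the router's own addresses) and 'customer_local'
    local_askers -- per-host count of customer-local requests
    """
    gateways = set(gateways)
    counts = Counter()
    local_askers = Counter()
    for line in lines:
        m = WHO_HAS.search(line)
        if not m:
            continue  # ARP replies and non-ARP lines are ignored
        target, asker = m.groups()
        if target in gateways or asker in gateways:
            counts["gateway"] += 1
        else:
            counts["customer_local"] += 1
            local_askers[asker] += 1
    return counts, local_askers


# Constructed sample capture; addresses are assumptions, not from the post.
SAMPLE = """\
18:09:49.100001 arp who-has 192.0.2.1 tell 192.0.2.23
18:09:49.100420 arp who-has 192.0.2.23 tell 192.0.2.1
18:09:49.101377 arp who-has 192.0.2.77 tell 192.0.2.50
18:09:49.101912 arp who-has 192.0.2.78 tell 192.0.2.50
18:09:49.102250 ARP, Request who-has 192.0.2.79 tell 192.0.2.50, length 28
18:09:49.103004 arp reply 192.0.2.23 is-at 00:00:5e:00:53:17
18:09:49.104118 arp who-has 198.51.100.9 tell 198.51.100.1
""".splitlines()

# Assumed sub-interface (gateway) addresses of the router.
GATEWAYS = ["192.0.2.1", "198.51.100.1"]

if __name__ == "__main__":
    counts, askers = classify_arp(SAMPLE, GATEWAYS)
    print(dict(counts))
    for ip, n in askers.most_common(5):
        print(f"{n:6d} customer-local who-has from {ip}")
```

Running the same script over a capture from each router gives directly comparable counts, and the per-host list shows which customers generate most of the customer-local requests.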