Strange behavior with arp permanent entries

ea at sellinet.net
Wed Feb 14 10:45:45 UTC 2007


Hello, Guys!

I'm trying to restrict some LAN access with permanent ARP entries, but it
didn't work, or it didn't work the way I understand it. For example, I have
the following permanent entries:


user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]


From what I understand, if user1 attempts to use user2's IP address, the
router should block all packets coming from the wrong physical address.
But actually that didn't happen, and user1 can use user2's IP address
without any problems.


Maybe some of you will advise me to use ipfw arp rules, but when I turn
net.link.ether.ipfw ON I get very low performance from the router.
We are talking about 800mbps and 600k packets per second, and many users,
which means many ipfw arp rules.


System1 info:
FreeBSD 6.2-RELEASE
Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
1G ram

System2 info:
FreeBSD 6.1-RELEASE
Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
1G ram

Also, I have a few other systems, and it seems that it works on them.

(Working)System3 info:
6.0-RELEASE
Dual Core AMD Opteron(tm) Processor 275 @ 2193.76-MHz
1G ram

(Working)System4 info:
6.2-PRERELEASE
Intel(R) Xeon(R) CPU 5130  @ 2.00GHz
1G ram

Thank you guys. Any suggestions will be appreciated.


Regards,

E.A.


--------------------------------------------------------------
SELLINET Internet Services Provider - http://www.sellinet.net/
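
The check the post expects, comparing each packet's source MAC with the permanent binding for its source IP, written as an offline audit. This is an added example, not part of the original message: it parses entries in the format quoted above, and the observed (interface, IP, MAC) tuples and all function names are constructed for illustration.

```python
import re

# Permanent entries in the format quoted in the post.
ARP_TABLE = """\
user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
"""

# Constructed sample: (interface, source IP, source MAC) taken from captured frames.
OBSERVED = [
    ("vlan804", "82.199.215.195", "00:0f:ea:a4:60:c5"),
    ("vlan804", "82.199.215.196", "00:0F:EA:A4:60:C5"),  # user2's IP, user1's MAC
    ("vlan804", "82.199.215.197", "00:11:22:33:44:55"),  # IP with no binding
]

ENTRY_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})"
    r"\s+on\s+(?P<ifname>\S+)(?P<flags>.*)$"
)

def normalize_mac(mac):
    """Lower-case the address and zero-pad each octet so comparisons are exact."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def load_bindings(text):
    """Return {(ifname, ip): mac} for entries flagged permanent."""
    bindings = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m and "permanent" in m.group("flags").split():
            bindings[(m.group("ifname"), m.group("ip"))] = normalize_mac(m.group("mac"))
    return bindings

def audit(bindings, observed):
    """Return (verdict, ip, mac, ip_bound_to_that_mac) for each observed tuple."""
    owners = {(ifn, mac): ip for (ifn, ip), mac in bindings.items()}
    results = []
    for ifname, ip, mac in observed:
        mac = normalize_mac(mac)
        expected = bindings.get((ifname, ip))
        verdict = "unbound" if expected is None else "ok" if expected == mac else "mismatch"
        results.append((verdict, ip, mac, owners.get((ifname, mac))))
    return results

if __name__ == "__main__":
    for row in audit(load_bindings(ARP_TABLE), OBSERVED):
        print(*row)
```

The last field of a "mismatch" row is the IP that the offending MAC is actually bound to, which identifies the host that borrowed the address.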


