Adam Carter <adamcart...@gmail.com> writes: >> >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp2s0 >> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf >> enp1s0 >> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp2s0 >> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp1s0 >> >> >> enp2s0 is an interface dedicated to a PPPoE connection, and enp1s0 >> connects to the LAN. >> >> IIUC, this is bound to cause problems. >> >> How is it possible for the wrong entries to be created, and what can I >> do to prevent them? >> >> > arp mappings are untrusted so your machine will accept anything is sees on > the network. That's what makes MITM so easy on a connected subnet. What > makes you think they are wrong?
They are wrong because there is no way for network traffic from the devices on the LAN to make it to the interface enp2s0. Or, if they do make it there, then there is something else seriously wrong. > Also, the output of ifconfig would be helpful. ,---- | heimdali ~ # ifconfig -a | br_dmz: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500 | inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 | inet6 fe80::5cce:2bff:fedc:dce0 prefixlen 64 scopeid 0x20<link> | ether fe:18:b0:e9:78:47 txqueuelen 0 (Ethernet) | RX packets 5124752 bytes 3554838408 (3.3 GiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 5080086 bytes 3508269156 (3.2 GiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | | enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 | inet 192.168.3.20 netmask 255.255.255.0 broadcast 192.168.3.255 | inet6 fe80::7aac:c0ff:fe3c:2dc8 prefixlen 64 scopeid 0x20<link> | ether 78:ac:c0:3c:2d:c8 txqueuelen 1000 (Ethernet) | RX packets 998350 bytes 217325937 (207.2 MiB) | RX errors 0 dropped 7332 overruns 0 frame 0 | TX packets 965281 bytes 274572349 (261.8 MiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | device interrupt 17 | | enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 | inet 185.55.75.245 netmask 255.255.255.255 broadcast 185.55.75.245 | inet6 fe80::7aac:c0ff:fe3c:2dc9 prefixlen 64 scopeid 0x20<link> | ether 78:ac:c0:3c:2d:c9 txqueuelen 1000 (Ethernet) | RX packets 5157535 bytes 4875664995 (4.5 GiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 3377329 bytes 413568759 (394.4 MiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | device interrupt 16 | | lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 | inet 127.0.0.1 netmask 255.0.0.0 | inet6 ::1 prefixlen 128 scopeid 0x10<host> | loop txqueuelen 0 (Lokale Schleife) | RX packets 276299 bytes 78159006 (74.5 MiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 276299 bytes 78159006 (74.5 MiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | | ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492 | inet 185.55.75.245 netmask 255.255.255.255 destination 192.168.75.1 | ppp txqueuelen 3 (Punkt-zu-Punkt Verbindung) | RX packets 7250 bytes 3180943 (3.0 MiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 6123 bytes 711342 (694.6 KiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | | veth5CBR3D: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 | inet6 fe80::fc18:b0ff:fee9:7847 prefixlen 64 scopeid 0x20<link> | ether fe:18:b0:e9:78:47 txqueuelen 1000 (Ethernet) | RX packets 5077428 bytes 3616056439 (3.3 GiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 5031817 bytes 3495334672 (3.2 GiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | | vethYXJVKH: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 | inet6 fe80::fcd0:65ff:fec5:7b44 prefixlen 64 scopeid 0x20<link> | ether fe:d0:65:c5:7b:44 txqueuelen 1000 (Ethernet) | RX packets 47324 bytes 10528497 (10.0 MiB) | RX errors 0 dropped 0 overruns 0 frame 0 | TX packets 48502 bytes 13062823 (12.4 MiB) | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | | heimdali ~ # brctl show | bridge name bridge id STP enabled interfaces | br_dmz 8000.fe18b0e97847 no veth5CBR3D | vethYXJVKH | heimdali ~ # route -n | Kernel IP Routentabelle | Ziel Router Genmask Flags Metric Ref Use Iface | 0.0.0.0 192.168.75.1 0.0.0.0 UG 4005 0 0 ppp0 | 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo | 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br_dmz | 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0 | 192.168.3.80 0.0.0.0 255.255.255.255 UH 0 0 0 enp1s0 | 192.168.3.81 0.0.0.0 255.255.255.255 UH 0 0 0 enp1s0 | 192.168.75.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 | heimdali ~ # `---- Even after adding the static routes and creating firewall rules to drop all traffic from the devices to the internet, their arp entries continue to be renewed. How is that possible?
