Thanks Bill I appreciate your frank advice, together with your humour(!) Certainly it brought more than one smile to my face!
The pain you refer to is close to the same, however at this point it remains greater to change the whole LAN addressing system. (Experience proves some devices will not smoothly change their IP addresses (TiVos) and require whole reinstallation, backup of data.... There are 3 of these. Yes I know they should change easily and I have previously proceeded as if they did.... These are the worst ones, think in terms of days of work, although I'd be good at it by the time I got to the third one! The rest vary and some clearly are a simple matter to change.)

In terms of the ISP even though a small customer I can get pretty persuasive. We can escalate to the CEO's office if necessary, I understand that gets taken seriously. The Internet also provides avenues if needed! Other avenues also exist. Clearly these options one prefers to avoid!

It seems that a precondition for the conflict to occur is a common IP on the LAN and the WAN. Would that be true?

Thank you again.

Kind regards
David Hingston

----- Original Message -----
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, April 05, 2008 9:50 AM
Subject: Re: [pfSense-discussion] ARP traffic causing routers to hang - single ARP cache with both LAN and WAN ARP entries?

On Fri, Apr 4, 2008 at 3:28 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Yes I am using 192.168.0.0/24
>
> I have no devices from those manufacturers.
>
> This was not the response I wanted to hear, changing the LAN is a major(!)

Hmmmm, more or less major than the incidents that prompted this discussion? :)

> Can you clarify the nature of the pfSense ARP cache? Is it relevant? (I am
> not convinced that it is - either the ARP packet is
> correct or it isn't)

Correct or not, FreeBSD is warning you that it's seeing a machine with the wrong subnet on the wrong side of your firewall. I don't think FreeBSD is actually honoring it, but don't quote me on that, I haven't tested this specific configuration.

> Should the ISP be responsible for the integrity of its network and ensuring
> rogue ARP traffic is eliminated?

Should? Yes. Would I personally expect them to actually take responsibility for it? Nope. Run our supported operating system is the answer I expect them to give you.

> Should the ISP respond to requests to remove devices off the network with
> erroneous ARP traffic, as identified by the devices MAC
> address from pfSense logs? That could clean things up?

Should? Yes. But again, I expect you won't get past first level tech support unless you are a business account (and even then *shudder*). You're on a shared medium connection, the rest of the idiots out there that have no idea how to configure a network (and be neighborly on a shared network) are going to take you down whenever they feel like it.

Honestly, I know it's painful. But this isn't any different than a new neighbor moving in that decides to use the same wireless channel as you, but are broadcasting a high enough signal that they're stomping all over you. You either figure out who it is and shoot them (figuratively of course ;-P) or you change your stuff (and in the human way, you massively amp your signal and hope there's no FCC goons - or hams - in the area). :)

--Bill
