Why is a manually entered permanent arp entry being overwritten? At my home, I have an ISP from which I have 5 static IPv4 addresses.I use these for my home network, a home email server, jabber server for family/friends,website related to my academic work, etc, with different domains.
The ISP service comes into my home via an ethernet cable which I connect to a switch (Cisco gigabit) Connected to the switch are:(A) router to my home network (behind which are desktops, a wireless access point, kids laptops, etc) a low-power, dual NIC OpenBSD amd64 running NAT and unbound (caching) with IP address 70.20.25.26(B) the academic website a low-power, OpenBSD 5.7 amd64 with IP address 70.20.25.30(plus other servers) The ISP gateway/router is IP address 70.20.25.1 On the academic website, I noticed that the arp table showed 70.20.25.26 with the MAC of the ISP gateway I thought - why should my private traffic from my personal webserver be routed through the ISP gateway - why not go directly to my home network on the same switch? So on my webserver, I did this:# sudo arp -s 70.20.25.26 00:25:90:0A:69:B6 permanent Then I checked:# arp -anHost                 Ethernet Address  Netif Expire   Flags70.20.25.1              fa:c0:01:75:98:cd   em0 19m59s    70.20.25.26              00:25:90:0a:69:b6   em0 permanent  70.20.25.30              00:25:90:ea:52:9c   em0 permanent  l The next day, I found this is the logs:Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0(repeated a couple hundred times) $ arp -anHost                 Ethernet Address  Netif Expire   Flags70.20.25.1              fa:c0:01:75:98:cd   em0 19m54s    70.20.25.26              fa:c0:01:75:98:cd   em0 17m15s    70.20.25.30              00:25:90:ea:52:9c   em0 permanent  l and$ traceroute 70.20.25.26traceroute to 70.20.25.26 (70.20.25.26), 64 hops max, 40 byte packets 1  lo0-100.BSTNMA-VFTTP-308.verizon-gni.net (70.20.25.1)  2.841 ms  0.594 ms  3.724 ms 2  static-70-20-25-26.bstnma.fios.verizon.net (70.20.25.26)  3.544 ms  1.255 ms  3.593 ms Am I understanding this correctly?Is the ISP gateway continuing to try to re-direct the arp table on my personal serverto route traffic out to its gateway before coming back to my home network, instead of directlyfrom my server to my router connected to ports on the same switch? Have I done something wrong in my configuration? Since on my webserver (70.20.25.30) I use the ISP's provided name servers, does the name-mapping-to-IP(in /etc/resolv.conf) impact the IP-mapping-to-MAC of the local ARP tables? Is this (a) expected (b) strange but innocent (c) nefarious, or (d) something else? thanks in advance for considering this.
