On 16/01/16(Sat) 18:40, Doug Moss wrote:
> (my apologies for last message - unfamiliar with Yahoo and forcing plain text
> email)
>
> Why is a manually entered permanent arp entry being overwritten?

It should not, are you running -current?  If not could you try?

>
> At my home, I have an ISP from which I have 5 static IPv4 addresses.
> I use these for my home network, a home email server, jabber server for
> family/friends, website related to my academic work, etc, with different
> domains.
>
>
> The ISP service comes into my home via an ethernet cable which I connect to
> a switch (Cisco gigabit)
>
> Connected to the switch are:
> (A) router to my home network (behind which are desktops, a wireless access
>     point, kids laptops, etc)
>     a low-power, dual NIC OpenBSD amd64 running NAT and unbound (caching)
>     with IP address 70.20.25.26
> (B) the academic website
>     a low-power, OpenBSD 5.7 amd64
>     with IP address 70.20.25.30
> (plus other servers)
>
> The ISP gateway/router is IP address 70.20.25.1
>
> On the academic website, I noticed that the arp table
> showed 70.20.25.26 with the MAC of the ISP gateway
>
> I thought - why should my private traffic from my personal webserver be routed
> through the ISP gateway - why not go directly to my home network on the same
> switch?
>
> So on my webserver, I did this:
> # sudo arp -s 70.20.25.26 00:25:90:0A:69:B6 permanent
>
> Then I checked:
> # arp -an
> Host          Ethernet Address    Netif  Expire     Flags
> 70.20.25.1    fa:c0:01:75:98:cd   em0    19m59s
> 70.20.25.26   00:25:90:0a:69:b6   em0    permanent
> 70.20.25.30   00:25:90:ea:52:9c   em0    permanent  l
>
> The next day, I found this in the logs:
> Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
> Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
> Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
> Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
> Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
> Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
> (repeated a couple hundred times)
>
> $ arp -an
> Host          Ethernet Address    Netif  Expire     Flags
> 70.20.25.1    fa:c0:01:75:98:cd   em0    19m54s
> 70.20.25.26   fa:c0:01:75:98:cd   em0    17m15s
> 70.20.25.30   00:25:90:ea:52:9c   em0    permanent  l
>
> and
> $ traceroute 70.20.25.26
> traceroute to 70.20.25.26 (70.20.25.26), 64 hops max, 40 byte packets
>  1 lo0-100.BSTNMA-VFTTP-308.verizon-gni.net (70.20.25.1) 2.841 ms 0.594 ms 3.724 ms
>  2 static-70-20-25-26.bstnma.fios.verizon.net (70.20.25.26) 3.544 ms 1.255 ms 3.593 ms
>
> Am I understanding this correctly?
> Is the ISP gateway continuing to try to re-direct the arp table on my home
> router to route traffic out to its gateway before coming back to my home
> network, instead of directly from my router to the other server connected to
> ports on the same switch?
>
>
> Have I done something wrong in my configuration?
>
> Is this (a) expected (b) strange but innocent (c) nefarious, or (d) something
> else?
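
Added example, not part of the original thread: a Python check that scans kernel log lines in the format quoted above for addresses whose ARP entry is claimed by more than one MAC, and flags claims that differ from the statically pinned entry. The names `find_contested` and `pinned` are assumptions of this example, and the sample lines are constructed from the log excerpt in the message.

```python
import re
from collections import defaultdict

# Matches the kernel message text quoted in the thread:
#   "arp info overwritten for <ip> by <mac> on <ifname>"
LINE_RE = re.compile(
    r"arp info overwritten for (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"by (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}) on (?P<ifname>\S+)"
)

def find_contested(lines, pinned=None):
    """Return {ip: report} for addresses claimed by more than one MAC,
    or by a MAC that differs from the statically pinned one.
    `pinned` (hypothetical parameter) maps ip -> MAC set with `arp -s`."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    seen = defaultdict(lambda: defaultdict(int))  # ip -> mac -> claim count
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            seen[m["ip"]][m["mac"].lower()] += 1
    report = {}
    for ip, macs in seen.items():
        unexpected = sorted(
            mac for mac in macs if ip in pinned and mac != pinned[ip]
        )
        if len(macs) > 1 or unexpected:
            report[ip] = {"claims": dict(macs), "unexpected": unexpected}
    return report

# Constructed sample, built from the log excerpt quoted in the message.
SAMPLE = """\
Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
""".splitlines()

# The static entry from the `arp -s` command in the message.
PINNED = {"70.20.25.26": "00:25:90:0A:69:B6"}

if __name__ == "__main__":
    for ip, info in find_contested(SAMPLE, PINNED).items():
        print(ip, "claims:", info["claims"], "unexpected:", info["unexpected"])
```
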

