>On Sunday, January 17, 2016 2:23 PM, Vijay Sankar <[email protected]> wrote:
>Not clear from your message so I was wondering if you have all the following
>on the same switch
>ISP interface
>External interface of your firewall
>Internal interface of your firewall
>Interfaces of your other systems
>I noticed behaviour similar to what you described when I did something like
>the above.
>The arp rewrite attempts stopped when I separated the Internet connection and
>the external interface of the firewall on one switch and all the internal
>systems on another switch.
Yes - for my situation, one switch handles the external interfaces
(ISP=70.20.25.1 and my router=70.20.25.26 and my webserver=70.20.25.30)
and the other ethernet port of my router (192.168.1.x) goes to a physically
separate other switch.
Second - per other reply. I upgraded from OpenBSD 5.7 amd64 to OpenBSD 5.8
amd64 yesterday. This broke other things/packages
(OpenLDAP 2.4 to OpenLDAP 3.0, doesn't seem to like slapd.conf
password-hash={CRYPT} ), setting me back a day, but
the problem still occurs on OpenBSD 5.8 amd64.
/var/log/messages from today:
Jan 19 05:44:42 www httpd[27728]: server_accept_tls: TLS accept failed - accept failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jan 19 07:53:54 www /bsd: arp: attempt to overwrite permanent entry for 70.20.25.26 by fa:c0:01:75:98:cd on em0
Jan 19 08:13:59 www /bsd: arp: attempt to overwrite permanent entry for 70.20.25.26 by fa:c0:01:75:98:cd on em0
Jan 19 09:58:46 www httpd[27728]: server_accept_tls: TLS accept failed - accept failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jan 19 15:00:01 www syslogd: restart
Jan 19 18:27:05 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
$ arp -an
Host          Ethernet Address    Netif  Expire     Flags
70.20.25.1    fa:c0:01:75:98:cd   em0    19m59s
70.20.25.26   fa:c0:01:75:98:cd   em0    20m0s
70.20.25.30   00:25:90:ea:52:9c   em0    permanent  l
If people would like, I can send my dmesg.
I'd be happy to try other debugging methods.
With all the warnings about -current on http://www.openbsd.org/faq/faq5.html
I'm leery of doing that - sorry.
Out of curiosity - these changes to the routing tables, visible with
'arp -an' and 'route -n show': I imagine these can happen through more than
one mechanism, and happen at the network stack or kernel level?
Is there another mechanism that I should pay attention to?
>> On Jan 16, 2016, at 12:40, Doug Moss <[email protected]> wrote:
>>
>> (my apologies for last message - unfamiliar with Yahoo and forcing plain
>> text email)
>>
>> Why is a manually entered permanent arp entry being overwritten?
>>
>>
>> At my home, I have an ISP from which I have 5 static IPv4 addresses.
>> I use these for my home network, a home email server, jabber server for
>> family/friends, website related to my academic work, etc, with different
>> domains.
>>
>>
>> The ISP service comes into my home via an ethernet cable which I connect to
>> a switch (Cisco gigabit)
>>
>> Connected to the switch are:
>> (A) router to my home network (behind which are desktops, a wireless access
>> point, kids laptops, etc)
>> a low-power, dual NIC OpenBSD amd64 running NAT and unbound (caching)
>> with IP address 70.20.25.26
>> (B) the academic website
>> a low-power, OpenBSD 5.7 amd64
>> with IP address 70.20.25.30
>> (plus other servers)
>>
>> The ISP gateway/router is IP address 70.20.25.1
>>
>> On the academic website, I noticed that the arp table
>> showed 70.20.25.26 with the MAC of the ISP gateway
>>
>> I thought - why should my private traffic from my personal webserver be
>> routed through the ISP gateway - why not go directly to my home network on
>> the same switch?
>>
>> So on my webserver, I did this:
>> # sudo arp -s 70.20.25.26 00:25:90:0A:69:B6 permanent
>>
>> Then I checked:
>> # arp -an
>> Host          Ethernet Address    Netif  Expire     Flags
>> 70.20.25.1    fa:c0:01:75:98:cd   em0    19m59s
>> 70.20.25.26   00:25:90:0a:69:b6   em0    permanent
>> 70.20.25.30   00:25:90:ea:52:9c   em0    permanent  l
>>
>> The next day, I found this in the logs:
>> Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
>> Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
>> Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
>> Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
>> Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
>> Jan 12 08:57:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
>> (repeated a couple hundred times)
>>
>> $ arp -an
>> Host          Ethernet Address    Netif  Expire     Flags
>> 70.20.25.1    fa:c0:01:75:98:cd   em0    19m54s
>> 70.20.25.26   fa:c0:01:75:98:cd   em0    17m15s
>> 70.20.25.30   00:25:90:ea:52:9c   em0    permanent  l
>>
>> and
>> $ traceroute 70.20.25.26
>> traceroute to 70.20.25.26 (70.20.25.26), 64 hops max, 40 byte packets
>>  1 lo0-100.BSTNMA-VFTTP-308.verizon-gni.net (70.20.25.1) 2.841 ms 0.594 ms 3.724 ms
>>  2 static-70-20-25-26.bstnma.fios.verizon.net (70.20.25.26) 3.544 ms 1.255 ms 3.593 ms
>>
>> Am I understanding this correctly?
>> Is the ISP gateway continuing to try to re-direct the arp table on my home
>> router to route traffic out to its gateway before coming back to my home
>> network, instead of directly from my router to the other server connected to
>> ports on the same switch?
>>
>>
>> Have I done something wrong in my configuration?
>>
>> Is this (a) expected (b) strange but innocent (c) nefarious, or (d)
>> something else?
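As an added example (not part of this thread or of OpenBSD), a small Python script that picks the kernel ARP messages quoted above out of a /var/log/messages excerpt and reports, per IP, which MACs claimed it, how often the binding flipped, and how many times a permanent entry was contested. The sample lines are constructed from the ones quoted in the thread; the message format assumed is the one shown there.

```python
import re

# Matches both forms of the OpenBSD kernel ARP message seen in the thread:
#   "arp info overwritten for <ip> by <mac> on <if>"
#   "arp: attempt to overwrite permanent entry for <ip> by <mac> on <if>"
ARP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) /bsd: "
    r"arp:? (?P<kind>info overwritten|attempt to overwrite permanent entry) "
    r"for (?P<ip>[\d.]+) by (?P<mac>[0-9A-Fa-f:]{17}) on (?P<ifname>\w+)$"
)

def parse_arp_events(lines):
    """Return (timestamp, kind, ip, mac, ifname) tuples for matching lines; other lines are ignored."""
    events = []
    for line in lines:
        m = ARP_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["kind"], m["ip"], m["mac"].lower(), m["ifname"]))
    return events

def summarize(events):
    """Per IP: set of claiming MACs, number of MAC changes, and permanent-entry overwrite attempts."""
    summary, last_mac = {}, {}
    for _ts, kind, ip, mac, _ifname in events:
        s = summary.setdefault(ip, {"macs": set(), "flips": 0, "permanent_attempts": 0})
        s["macs"].add(mac)
        if kind.startswith("attempt"):
            s["permanent_attempts"] += 1
        if ip in last_mac and last_mac[ip] != mac:
            s["flips"] += 1
        last_mac[ip] = mac
    return summary

def suspicious(summary):
    """IPs claimed by more than one MAC, or whose permanent entry was contested."""
    return sorted(ip for ip, s in summary.items()
                  if len(s["macs"]) > 1 or s["permanent_attempts"] > 0)

# Constructed sample lines, modelled on the thread's /var/log/messages excerpts.
SAMPLE_LOG = """\
Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
Jan 12 08:17:54 www /bsd: arp info overwritten for 70.20.25.26 by fa:c0:01:75:98:cd on em0
Jan 12 08:37:54 www /bsd: arp info overwritten for 70.20.25.26 by 00:25:90:0a:69:b6 on em0
Jan 19 07:53:54 www /bsd: arp: attempt to overwrite permanent entry for 70.20.25.26 by fa:c0:01:75:98:cd on em0
Jan 19 09:58:46 www httpd[27728]: server_accept_tls: TLS accept failed - accept failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
""".splitlines()

if __name__ == "__main__":
    report = summarize(parse_arp_events(SAMPLE_LOG))
    for ip in suspicious(report):
        s = report[ip]
        print(ip, sorted(s["macs"]), "flips:", s["flips"], "permanent attempts:", s["permanent_attempts"])
```

Run it against a real file with `summarize(parse_arp_events(open("/var/log/messages")))`; an IP with two MACs and a non-zero flip count is the pattern the thread's logs show.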