RE: ARP Messages

[Maechler Philippe]

Hi Erik

 -Original Message-
 From: Erik Norgaard [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, February 27, 2008 10:01 AM
 To: Maechler Philippe
 Cc: freebsd-questions@freebsd.org
 Subject: Re: ARP Messages
 
 
 Maechler Philippe wrote:
   -   
  |   server|  switch  switch  
  |192.168.3.222|[(3.x/24)]--[(3.x/24)]
  |80.242.192.80|bge1| 
-|
 |bge0---
 |   |
  [switch][Gateway 80.242.192.65]---[INTERNET]   |
 |   |
 |   |
  [switch]   |
 |   |
 |bge0   |
   - |
  |  80.242.192.81 00:19:bb:25:7b:63||
  | 192.168.3.226  00:19:bb:25:7b:64|
   -
  Do you see the same loop as I do?
 
  Request goes out on one interface, response comes back on
the
  other -
  pretty much what the message says.
 
  
  Yes I see the loop, the error messages make sense but don't 
 understand 
  it :/ I set up extra routes for the private network so how
can a 
  packet from the public interface arrive at a private one?
  
  I'll recheck the cabeling, the routes on the servers and the
switch 
  the're connected to and give you feedback here
 
 Well, it appears to me that you are on the wrong box to solve
the 
 problem. The server sends an error message as it should.
 
 What happens is that your unnamed box receives an arp request
on its 
 bge0 interface, but sends the respond on its bge1 interface. 
 You can use 
 snort to listen for arp packets to see what's going on.
 
 I do not know why you have created a loop, with correct routing
and 
 firewall there should be no need for a loop. The easy solution
is to 
 pull a cable - either one on that unnamed box.
 

Ok I rechecked everything and found the loop. There was a
missconfiguration/misscabling on one switch/vlan which caused
leaking arp-broadcast packages to other ports :(

Thanks to all for your hints and help
Philippe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Erik Norgaard]

Maechler Philippe wrote:
 -   
|   server|  switch  switch  
|192.168.3.222|[(3.x/24)]--[(3.x/24)]
|80.242.192.80|bge1| 
  -|

   |bge0---
   |   |
[switch][Gateway 80.242.192.65]---[INTERNET]   |
   |   |
   |   |
[switch]   |
   |   |
   |bge0   |
 - |
|  80.242.192.81 00:19:bb:25:7b:63||
| 192.168.3.226  00:19:bb:25:7b:64|
 -

Do you see the same loop as I do?

Request goes out on one interface, response comes back on the
other - 

pretty much what the message says.



Yes I see the loop, the error messages make sense but don't
understand it :/ 
I set up extra routes for the private network so how can a packet

from the public interface arrive at a private one?

I'll recheck the cabeling, the routes on the servers and the
switch the're connected to and give you feedback here


Well, it appears to me that you are on the wrong box to solve the 
problem. The server sends an error message as it should.


What happens is that your unnamed box receives an arp request on its 
bge0 interface, but sends the respond on its bge1 interface. You can use 
snort to listen for arp packets to see what's going on.


I do not know why you have created a loop, with correct routing and 
firewall there should be no need for a loop. The easy solution is to 
pull a cable - either one on that unnamed box.


Cheers, Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ARP Messages

[Mächler Philippe]

Hello,

I have some strange messages on a FreeBSD 5.4 Server
The system has a private ip on bge1 and a public one one bge0

Every 2-3 seconds i get an entry like these...
 arp: 80.242.192.81 is on bge0 but got reply from
00:19:bb:25:7b:63 on bge1
 arp: 80.242.192.81 is on bge0 but got reply from
00:19:bb:25:7b:63 on bge1
 arp: 80.242.192.81 is on bge0 but got reply from
00:19:bb:25:7b:63 on bge1
 arp: 80.242.192.80 is on lo0 but got reply from
00:0e:7f:fe:10:3f on bge1
 arp: 192.168.3.222 is on lo0 but got reply from
00:0e:7f:fe:40:c2 on bge0

The funny thing is, that the ip 80.242.192.80 is on mac
00:0e:7f:fe:10:3f but bge0 and not bge1 
Also the ip adress 192.168.3.222 has 00:0e:7f:fe:40:c2 but on
bge1 instead of bge0

See ifconfig output below...

%ifconfig 
bge0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST
mtu 1500
options=1aTXCSUM,VLAN_MTU,VLAN_HWTAGGING
inet 80.242.192.80 netmask 0xffc0 broadcast
80.242.192.127
ether 00:0e:7f:fe:10:3f
media: Ethernet autoselect (100baseTX full-duplex)
status: active
bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
options=1aTXCSUM,VLAN_MTU,VLAN_HWTAGGING
inet 192.168.3.222 netmask 0xff00 broadcast
192.168.3.255
ether 00:0e:7f:fe:40:c2
media: Ethernet autoselect (100baseTX full-duplex)
status: active
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
inet 127.0.0.1 netmask 0xff00 

%netstat -rn
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use
Netif Expire
default80.242.192.65  UGS 0  6885962
bge0
80.242.192.64/26   link#1 UC  00
bge0
80.242.192.65  00:00:0c:07:ac:01  UHLW10
bge0481
80.242.192.80  00:0e:7f:fe:10:3f  UHLW0  229
lo0
80.242.192.81  00:19:bb:25:7b:63  UHLW0   179281
bge0   1027
127.0.0.1  127.0.0.1  UH  0   277552
lo0
192.168.2  192.168.3.254  UGS 0 8209
bge1
192.168.3  link#2 UC  00
bge1
192.168.3.222  00:0e:7f:fe:40:c2  UHLW0 7283
lo0
192.168.3.254  00:a0:8e:77:9a:b9  UHLW10
bge1521
%

Has anybody an idea why i get these messages? Or how i can find
out where they come from?

Philippe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Wojciech Puchar]

00:19:bb:25:7b:63 on bge1

arp: 80.242.192.81 is on bge0 but got reply from

00:19:bb:25:7b:63 on bge1

arp: 80.242.192.81 is on bge0 but got reply from

00:19:bb:25:7b:63 on bge1

arp: 80.242.192.80 is on lo0 but got reply from

00:0e:7f:fe:10:3f on bge1

arp: 192.168.3.222 is on lo0 but got reply from

00:0e:7f:fe:40:c2 on bge0

The funny thing is, that the ip 80.242.192.80 is on mac
00:0e:7f:fe:10:3f but bge0 and not bge1
Also the ip adress 192.168.3.222 has 00:0e:7f:fe:40:c2 but on
bge1 instead of bge0

See ifconfig output below...


sorry if it's stupid question but aren't your network cables swapped?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: ARP Messages

[Mächler Philippe]

  00:19:bb:25:7b:63 on bge1
  arp: 80.242.192.81 is on bge0 but got reply from
  00:19:bb:25:7b:63 on bge1
  arp: 80.242.192.81 is on bge0 but got reply from
  00:19:bb:25:7b:63 on bge1
  arp: 80.242.192.80 is on lo0 but got reply from
  00:0e:7f:fe:10:3f on bge1
  arp: 192.168.3.222 is on lo0 but got reply from
  00:0e:7f:fe:40:c2 on bge0
 
  The funny thing is, that the ip 80.242.192.80 is on mac 
  00:0e:7f:fe:10:3f but bge0 and not bge1 Also the ip adress 
  192.168.3.222 has 00:0e:7f:fe:40:c2 but on bge1 instead of
bge0
 
  See ifconfig output below...
 
 sorry if it's stupid question but aren't your network cables
swapped?
 

That was my first idea too :)
But they are corectly connected. If so there would be a lot of
deny messages in the firewall log and a few services wouldn't
run.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Lystopad Oleksandr]

 Hello, M?chler Philippe!

On Tue, Feb 26, 2008 at 01:14:11PM +0100
[EMAIL PROTECTED] wrote about ARP Messages:
 Hello,
 
 I have some strange messages on a FreeBSD 5.4 Server
 The system has a private ip on bge1 and a public one one bge0
 
 Every 2-3 seconds i get an entry like these...
  arp: 80.242.192.81 is on bge0 but got reply from
 00:19:bb:25:7b:63 on bge1

http://lists.freebsd.org/pipermail/freebsd-hackers/2006-March/015791.html

-- 
 Oleksandr Lystopad
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: ARP Messages

[Mächler Philippe]

 
  Hello, M?chler Philippe!
 
 On Tue, Feb 26, 2008 at 01:14:11PM +0100
 [EMAIL PROTECTED] wrote about ARP Messages:
  Hello,
  
  I have some strange messages on a FreeBSD 5.4 Server
  The system has a private ip on bge1 and a public one one bge0
  
  Every 2-3 seconds i get an entry like these...
   arp: 80.242.192.81 is on bge0 but got reply from
  00:19:bb:25:7b:63 on bge1
 

http://lists.freebsd.org/pipermail/freebsd-hackers/2006-March/015
791.html

If the two computers are on the same physical switch this makes
sense. But in my case these two networks are two different,
physical networks... (I'll try to draw it :)

 - ---
¦   server¦   ¦router/firewall¦
¦192.168.3.222¦---[switch (3.x/24)]---¦ 192.168.3.254 ¦---[switch
(2.x/24)]
¦80.242.192.80¦---
 -
  ¦
  ¦
   [switch][Gateway 80.242.192.65]---[INTERNET]

hth
Philippe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Lystopad Oleksandr]

 Hello, M?chler Philippe!

On Tue, Feb 26, 2008 at 03:08:55PM +0100
[EMAIL PROTECTED] wrote about RE: ARP Messages:
  
   Hello, M?chler Philippe!
  
  On Tue, Feb 26, 2008 at 01:14:11PM +0100
  [EMAIL PROTECTED] wrote about ARP Messages:
   Hello,
   
   I have some strange messages on a FreeBSD 5.4 Server
   The system has a private ip on bge1 and a public one one bge0
   
   Every 2-3 seconds i get an entry like these...
arp: 80.242.192.81 is on bge0 but got reply from
   00:19:bb:25:7b:63 on bge1
  
 
 http://lists.freebsd.org/pipermail/freebsd-hackers/2006-March/015
 791.html
 
 If the two computers are on the same physical switch this makes
 sense. But in my case these two networks are two different,
 physical networks... (I'll try to draw it :)
 
  - ---
 ?   server?   ?router/firewall?
 ?192.168.3.222?---[switch (3.x/24)]---? 192.168.3.254 ?---[switch
 (2.x/24)]
 ?80.242.192.80?---
  -
   ?
   ?
[switch][Gateway 80.242.192.65]---[INTERNET]
 

Try to disconnect one by one ports from switch 2.x, and see your
logs. Hope, you find soon a little loop ;-)

-- 
 Oleksandr Lystopad
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Erik Norgaard]

Mächler Philippe wrote:


I have some strange messages on a FreeBSD 5.4 Server
The system has a private ip on bge1 and a public one one bge0

Every 2-3 seconds i get an entry like these...

arp: 80.242.192.81 is on bge0 but got reply from

00:19:bb:25:7b:63 on bge1
Routing tables

Internet:
Destination   Gateway   Flags  Refs Use Netif Expire
default  80.242.192.65 UGS06885962 bge0
80.242.192.64/26 link#1UC 0  0 bge0
80.242.192.6500:00:0c:07:ac:01 UHLW   1  0 bge0481
80.242.192.8000:0e:7f:fe:10:3f UHLW   0229 lo0
80.242.192.8100:19:bb:25:7b:63 UHLW   0 179281 bge0   1027
127.0.0.1127.0.0.1 UH 0 277552 lo0
192.168.2192.168.3.254 UGS0   8209 bge1
192.168.3link#2UC 0  0 bge1
192.168.3.22200:0e:7f:fe:40:c2 UHLW   0   7283 lo0
192.168.3.25400:a0:8e:77:9a:b9 UHLW   1  0 bge1521
%

Has anybody an idea why i get these messages? Or how i can find
out where they come from?


It appears you've got more wierdness: why is 80.242.192.80 on lo0? 
according to your ifconfig this is on bge0.


What have you enabled of bridging? firewall? static routes set in rc.conf?

Cheers, Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Mel]

On Tuesday 26 February 2008 13:14:11 Mächler Philippe wrote:

 %netstat -rn
 Routing tables

 Internet:
 DestinationGatewayFlagsRefs  Use
 Netif Expire

 192.168.2  192.168.3.254  UGS 0 8209
 bge1
 192.168.3  link#2 UC  00
 bge1

These routes look fishy. It shouldn't have a route for 192.168.2 cause it's 
nowhere defined, so it should go through default, not through bge1. Any 
chance a machine on your network has 192.168.2/24 and publishing it, where it 
should be 80.242 something?
Try route delete 192.168.2.0 and see if it clears.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Erik Norgaard]

Mel wrote:

On Tuesday 26 February 2008 13:14:11 Mächler Philippe wrote:


%netstat -rn
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use
Netif Expire



192.168.2  192.168.3.254  UGS 0 8209
bge1
192.168.3  link#2 UC  00
bge1


These routes look fishy. It shouldn't have a route for 192.168.2 cause it's 
nowhere defined, so it should go through default, not through bge1. Any 
chance a machine on your network has 192.168.2/24 and publishing it, where it 
should be 80.242 something?

Try route delete 192.168.2.0 and see if it clears.


This part is ok if you see the schema in OPs later mail.

Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Mel]

On Tuesday 26 February 2008 15:42:41 Erik Norgaard wrote:
 Mel wrote:
  On Tuesday 26 February 2008 13:14:11 Mächler Philippe wrote:
  %netstat -rn
  Routing tables
 
  Internet:
  DestinationGatewayFlagsRefs  Use
  Netif Expire
 
  192.168.2  192.168.3.254  UGS 0 8209
  bge1
  192.168.3  link#2 UC  00
  bge1
 
  These routes look fishy. It shouldn't have a route for 192.168.2 cause
  it's nowhere defined, so it should go through default, not through bge1.
  Any chance a machine on your network has 192.168.2/24 and publishing it,
  where it should be 80.242 something?
  Try route delete 192.168.2.0 and see if it clears.

 This part is ok if you see the schema in OPs later mail.

Really? Where do you see 192.168.TWO instead of 192.168.THREE?


-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Erik Norgaard]

Mel wrote:

On Tuesday 26 February 2008 15:42:41 Erik Norgaard wrote:

Mel wrote:

On Tuesday 26 February 2008 13:14:11 Mächler Philippe wrote:

%netstat -rn
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use
Netif Expire

192.168.2  192.168.3.254  UGS 0 8209
bge1
192.168.3  link#2 UC  00
bge1

These routes look fishy. It shouldn't have a route for 192.168.2 cause
it's nowhere defined, so it should go through default, not through bge1.
Any chance a machine on your network has 192.168.2/24 and publishing it,
where it should be 80.242 something?
Try route delete 192.168.2.0 and see if it clears.

This part is ok if you see the schema in OPs later mail.


Really? Where do you see 192.168.TWO instead of 192.168.THREE?


OK, this is the schema OP posted in a different mail, lines wrapped 
badly, I've repaired:


 -  ---
¦   server¦ switch ¦router/firewall¦ switch
¦192.168.3.222¦---[(3.x/24)]---¦ 192.168.3.254 ¦---[(2.x/24)]
¦80.242.192.80¦bge1 ---
 -
  ¦bge0
  ¦
   [switch][Gateway 80.242.192.65]---[INTERNET]

As you see, the routing table is from the server, the 192.168.2/24 
network is behind the firewall. It must have a static route on bge1 with 
 gateway 192.168.3.254.


Erik



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Mel]

On Tuesday 26 February 2008 15:49:38 Mel wrote:
 On Tuesday 26 February 2008 15:42:41 Erik Norgaard wrote:
  Mel wrote:
   On Tuesday 26 February 2008 13:14:11 Mächler Philippe wrote:
   %netstat -rn
   Routing tables
  
   Internet:
   DestinationGatewayFlagsRefs  Use
   Netif Expire
  
   192.168.2  192.168.3.254  UGS 0 8209
   bge1
   192.168.3  link#2 UC  00
   bge1
  
   These routes look fishy. It shouldn't have a route for 192.168.2 cause
   it's nowhere defined, so it should go through default, not through
   bge1. Any chance a machine on your network has 192.168.2/24 and
   publishing it, where it should be 80.242 something?
   Try route delete 192.168.2.0 and see if it clears.
 
  This part is ok if you see the schema in OPs later mail.

 Really? Where do you see 192.168.TWO instead of 192.168.THREE?

Never mind, I see it now in the wrapped part :/
Anything on that switch that uses 80.242? specifically a machine with mac 
00:19:bb:25:7b:63 and ip 80.242.192.81?
Where is that mac address in your schema?

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: ARP Messages

[Maechler Philippe]

 On Tuesday 26 February 2008 15:49:38 Mel wrote:
  On Tuesday 26 February 2008 15:42:41 Erik Norgaard wrote:
   Mel wrote:
On Tuesday 26 February 2008 13:14:11 Mächler Philippe
wrote:
%netstat -rn
Routing tables
   
Internet:
DestinationGatewayFlagsRefs
Use
Netif Expire
   
192.168.2  192.168.3.254  UGS 0
8209
bge1
192.168.3  link#2 UC  0
0
bge1
   
These routes look fishy. It shouldn't have a route for 
 192.168.2 
cause it's nowhere defined, so it should go through 
 default, not 
through bge1. Any chance a machine on your network has 
192.168.2/24 and publishing it, where it should be 80.242

something? Try route delete 192.168.2.0 and see if it
clears.
  
   This part is ok if you see the schema in OPs later mail.
 
  Really? Where do you see 192.168.TWO instead of
192.168.THREE?
 
 Never mind, I see it now in the wrapped part :/
 Anything on that switch that uses 80.242? specifically a 
 machine with mac 
 00:19:bb:25:7b:63 and ip 80.242.192.81?
 Where is that mac address in your schema?
 
 -- 
 Mel

Hi Mel

I'll extend the schema from erik to show where the other ip/mac
adress is...

 ----
¦   server¦  switch   switch ¦router/firewall¦
switch
¦192.168.3.222¦[(3.x/24)]---[(3.x/24)]---¦ 192.168.3.254
¦-[(2.x/24)]
¦80.242.192.80¦bge1 ¦  ---
  - ¦
   ¦bge0 ---

   ¦¦
[switch][Gateway 80.242.192.65]---[INTERNET]¦
   ¦¦
   ¦¦
[switch]¦
   ¦¦
   ¦bge0¦
 -  ¦
¦  80.242.192.81 00:19:bb:25:7b:63¦ ¦
¦ 192.168.3.226  00:19:bb:25:7b:64¦-
 -

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ARP Messages

[Erik Norgaard]

Maechler Philippe wrote:


I'll extend the schema from erik to show where the other ip/mac
adress is...

 - ---
¦   server¦  switch  switch   ¦router/firewall¦ switch
¦192.168.3.222¦[(3.x/24)]--[(3.x/24)]-¦ 192.168.3.254 ¦---
¦80.242.192.80¦bge1¦   ---
  -¦
   ¦bge0---
   ¦¦
[switch][Gateway 80.242.192.65]---[INTERNET]¦
   ¦¦
   ¦¦
[switch]¦
   ¦¦
   ¦bge0¦
 -  ¦
¦  80.242.192.81 00:19:bb:25:7b:63¦ ¦
¦ 192.168.3.226  00:19:bb:25:7b:64¦-
 -


Do you see the same loop as I do?

Request goes out on one interface, response comes back on the other - 
pretty much what the message says.



Cheers, Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: ARP Messages

[Maechler Philippe]

 From: Erik Norgaard [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, February 26, 2008 5:55 PM
 To: Maechler Philippe
 Cc: 'Mel'; freebsd-questions@freebsd.org
 Subject: Re: ARP Messages
 
 
 Maechler Philippe wrote:
 
  I'll extend the schema from erik to show where the other 
 ip/mac adress 
  is...
  
   - ---
  |   server|  switch  switch   |router/firewall|
switch
  |192.168.3.222|[(3.x/24)]--[(3.x/24)]-| 192.168.3.254
|---
  |80.242.192.80|bge1|   ---
-|
 |bge0---
 ||
  [switch][Gateway 80.242.192.65]---[INTERNET]|
 ||
 ||
  [switch]|
 ||
 |bge0|
   -  |
  |  80.242.192.81 00:19:bb:25:7b:63| |
  | 192.168.3.226  00:19:bb:25:7b:64|-
   -
 
 Do you see the same loop as I do?
 
 Request goes out on one interface, response comes back on the
other - 
 pretty much what the message says.
 

Yes I see the loop, the error messages make sense but don't
understand it :/ 
I set up extra routes for the private network so how can a packet
from the public interface arrive at a private one?

I'll recheck the cabeling, the routes on the servers and the
switch the're connected to and give you feedback here

Thanks for your help
Philippe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

arp messages

[Robert Fitzpatrick]

I get these messages in the log, these are the mac addresses for NICs
all on my network, my switch and destination server:

esmtp.webtent.net kernel log messages:
 arp: 208.38.145.35 moved from 00:10:e0:01:86:d9 to 00:b0:64:4d:0b:70 on em0
 arp: 208.38.145.42 moved from 00:10:e0:01:86:d9 to 00:b0:64:4d:0b:70 on em0
 arp: 208.38.145.40 moved from 00:b0:64:4d:0b:70 to 00:10:e0:01:b1:7a on em0
 arp: 208.38.145.40 moved from 00:10:e0:01:b1:7a to 00:b0:64:4d:0b:70 on em0

I found this note, is this the proper way to disable these messages in
my FreeBSD 5.4 server?

http://listserver.uk.freebsd.org/pipermail/freebsd-users/2004-August/009605.html
It's just arp telling you that both nics are on the same network. 
This will stop arp messages being logged

Sysctl net.link.ether.inet.log_arp_movements=0

--
Robert

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

arp messages XXX is on but got reply.../multihoming problem

[ftomlinson]

WWW 08702401718 CO,UK

F TOMLISON
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Block ARP messages

[Darryl Hoar]

Greetings,
I have a 4.4-stable box that is a firewall/router/nat box for my Lan.
I keep getting the following message:

/kernel  arplookup 10.2.2.2 failed.  Host is not on local network.

My external Nic is configured with a real IP, and a netmask of
255.255.255.0.  This is static and configured per the ISP's 
instruction.

My internal nic is statically configured to use the 192.168.1.4
ip address with the netmask of 255.255.255.0.

netstat -rn shows nothing odd or out of the ordinary.

How can I supress these messages as they fill my log and
console.

thanks in advance,

Darryl.

BTW, I think these messages are generated prior to IPFilter ever
getting in the picture.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

arp messages XXX is on but got reply.../multihoming problem

[Jer]

Dear all

I have a setup as follows.
4.9-REL
sis0: inside network 192.168.XXX.XXX

xl0: connection to RR commercial via DHCP
assigned ip  24.172.21.XXX gateway 24.172.21.219 nat'd
rl0: unused

What I want to do is plug in an RR home connection to the rl0 interface so 
rl0 would then look like
rl0: connection to RR home via DHCP
It got assigned an IP of 66.57.248.XX gateway 66.57.248.1

When I do this I get 1000's of
arp: 66.57.248.1 is on rl0 but got reply from 00:07:0d:aa:ec:54 on xl0
and the speed of the xl0 slows to a crawl until I unplug the rl0 NIC

how can I do this?

The default gateway I want is the commercial  account 24.172.21.219

Any ideas??

Thanks

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages XXX is on but got reply.../multihoming problem

[Dan Nelson]

In the last episode (Jan 18), Jer said:
 4.9-REL
 
 sis0: inside network 192.168.XXX.XXX
 
 xl0: connection to RR commercial via DHCP
 assigned ip  24.172.21.XXX gateway 24.172.21.219 nat'd
 
 rl0: unused
 
 What I want to do is plug in an RR home connection to the rl0 interface so 
 rl0 would then look like
 rl0: connection to RR home via DHCP
 It got assigned an IP of 66.57.248.XX gateway 66.57.248.1
 
 When I do this I get 1000's of
 arp: 66.57.248.1 is on rl0 but got reply from 00:07:0d:aa:ec:54 on xl0
 
 and the speed of the xl0 slows to a crawl until I unplug the rl0 NIC

Make sure your xl0 and rl0 nics are not plugged into the same switch or
hub.  If they aren't, and your setup currently looks like:

 ___ 24.172.21.219   24.172.21.XXX
(   )---[RR business DSL box]---[xl0]
( Internet  )
(___)---[RR home DSL box]---[rl0]
 66.57.248.1 66.57.248.XX 

, then RR may have problems providing both business and home DSL to the
same location, since there's no way xl0 should be getting ARPs from
66.57.248.1.

-- 
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages XXX is on but got reply.../multihoming problem

[Jer]

At 02:46 PM 1/18/2004, you wrote:
In the last episode (Jan 18), Jer said:
 4.9-REL

 sis0: inside network 192.168.XXX.XXX

 xl0: connection to RR commercial via DHCP
 assigned ip  24.172.21.XXX gateway 24.172.21.219 nat'd

 rl0: unused

 What I want to do is plug in an RR home connection to the rl0 interface so
 rl0 would then look like
 rl0: connection to RR home via DHCP
 It got assigned an IP of 66.57.248.XX gateway 66.57.248.1

 When I do this I get 1000's of
 arp: 66.57.248.1 is on rl0 but got reply from 00:07:0d:aa:ec:54 on xl0

 and the speed of the xl0 slows to a crawl until I unplug the rl0 NIC
Make sure your xl0 and rl0 nics are not plugged into the same switch or
hub.  If they aren't, and your setup currently looks like:
 ___ 24.172.21.219   24.172.21.XXX
(   )---[RR business DSL box]---[xl0]
( Internet  )
(___)---[RR home DSL box]---[rl0]
 66.57.248.1 66.57.248.XX
, then RR may have problems providing both business and home DSL to the
same location, since there's no way xl0 should be getting ARPs from
66.57.248.1.
They are not plugged into the same switch
rl0 is pligged directly into the RR home modem


--
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages... is this normal?

[Lowell Gilbert]

Jett Tayer [EMAIL PROTECTED] writes:

 this keeps appearing on my gateway box's logfile
 i have 2 internal network one on xl1 interface, the other on xl2
 i had them cascaded so i guess that's why. but still i want some inputs

Cascaded?  You mean they're actually hooked up to each other?  That
would be a mistake.

 by the way i'm running dhcpd on my gateway box for both network
 
 
 
 
  arp: 192.168.88.34 is on xl1 but got reply from 00:0c:6e:03:4e:66 on xl2
  arp: 192.168.88.55 is on xl1 but got reply from 00:08:a1:28:f7:3b on xl2
  arp: 192.168.88.32 is on xl1 but got reply from 00:0c:6e:03:4d:cf on xl2
  arp: 192.168.88.34 is on xl1 but got reply from 00:0c:6e:03:4e:66 on xl2
  arp: 192.168.88.52 is on xl1 but got reply from 00:08:a1:28:f8:32 on xl2
  arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1
  arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1
  arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1

Any given address should only be coming in on one interface.  You
should fix your configuration so that doesn't happen.  Either make
sure that the two networks are separate, physically and in IP address
space, or else get rid of the second NIC, and arrange things so you
only have one network.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

arp messages... is this normal?

[Jett Tayer]

this keeps appearing on my gateway box's logfile
i have 2 internal network one on xl1 interface, the other on xl2
i had them cascaded so i guess that's why. but still i want some inputs

by the way i'm running dhcpd on my gateway box for both network




 arp: 192.168.88.34 is on xl1 but got reply from 00:0c:6e:03:4e:66 on xl2
 arp: 192.168.88.55 is on xl1 but got reply from 00:08:a1:28:f7:3b on xl2
 arp: 192.168.88.32 is on xl1 but got reply from 00:0c:6e:03:4d:cf on xl2
 arp: 192.168.88.34 is on xl1 but got reply from 00:0c:6e:03:4e:66 on xl2
 arp: 192.168.88.52 is on xl1 but got reply from 00:08:a1:28:f8:32 on xl2
 arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1
 arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1
 arp: 192.168.77.229 is on xl2 but got reply from 00:08:a1:3d:d6:c2 on xl1
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RESOLVED: What's the meaning of these arp messages...

[RA Cohen]

Well, all is well especially now that I read the arp man
pages...messages simply telling me I swapped ip addresses on two
nics in my firewall...nice FBSD feature...messages gone now.
Thanks  to all who helped...Roy

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

What's the meaning of these arp messages...

[RA Cohen]

Hi,

I have a FBSD 4.8 box running Samba in my network. Lately I am
noticing some strange messages at the console concerning my
firewall. The messages basically say the MAC address of my linux
firewall's internal ip address has changed...and 15 minutes
later changed again (to the original MAC address)...and so on.

The linux firewall is a bastion host with three NICs...are my
NICs bad or what? This is coinciding with some not-understood
behavior of the firewall.

The firewall is Ipcop which worked just fine for us for the past
year and a half. Then we upgraded our ISDN connection to
business-class cable (2 Mbps down and 512 Up) and I'm losing
sleep and hair and we still are enjoying spotty connectivity
at the windows clients, but not at the public interface of the
firewall itself...I cannot figure out what is going on, and I've
posted an ipcop-centric message on their mailing list. But, can
anyone figure out what the arp messages are telling me?

Thanks,
Roy
 

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: What's the meaning of these arp messages...

[Alexander Haderer]

At 08:23 19.09.2003 -0700, RA Cohen wrote:
Hi,

I have a FBSD 4.8 box running Samba in my network. Lately I am
noticing some strange messages at the console concerning my
firewall. The messages basically say the MAC address of my linux
firewall's internal ip address has changed...and 15 minutes
later changed again (to the original MAC address)...and so on.
Sounds like the IP address of your firewall is used by another machine.

Alexander



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[ODHIAMBO Washington]

* Mark Atkinson [EMAIL PROTECTED] [20030613 19:00]: wrote:
 This is probably a DHCP network?  This would happen if a client gets a 
 new DHCP assigned IP address, instead of it's old one, and before the
 freebsd boxes' ARP cache expired for that machine.  Usually this only 
 happens with:

Not a DHCP network per se, but an ISP environment where clients get assigned
dynamic IPs on dialup.
However, this problem was never so pronounced when I was running 4.7-STABLE,
only after 4.8-STABLE.

 - broken DHCP clients (not requesting it's old ip back upon reboot).
 - broken DHCP servers (not maintaining lease state properly to
assign clients their old addresses)
 - tight DHCP address spaces (ie. the DHCP server must reuse previously
  leased IP addresses to accomodate
  new DISCOVERS).
 
 or a combination of the above.

No idea if that applies to me, but we do not run a DHCP server.


 Either that or you have a whole bunch of machines that use gratuitous
 ARP to advertise the new interfaces in a failover situation.

Yikes! I need to be a network specialist, sort of.. but no.



-Wash

-- 
Odhiambo Washington   [EMAIL PROTECTED]  The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD.   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)


For three days after death hair and fingernails continue to grow but
phone calls taper off.
-- Johnny Carson
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[ODHIAMBO Washington]

* Dan Nelson [EMAIL PROTECTED] [20030613 18:40]: wrote:
 In the last episode (Jun 13), ODHIAMBO Washington said:
  
  My log files (and console) fill up with these messages.
  
   arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
   arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
   arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
   arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
   arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
   arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
  ...
 
 What are the machines at those two mac addresses?  Are they maybe
 clustered servers, and during failover, you see an arp line for each ip
 that gets moved from one to the other

Now that points me towards some clue ... those mac addresses are not even on
the box where I am seeing these messages.
I can see the mac addresses by using ifconfig, yes??
So some machines, possibly routers, are doing this...




Best regards,
Odhiambo Washington
Wananchi Online Ltd.


___W_A_N_A_N_C_H_I__O_N_L_I_N_E__L_T_D___The People's Choice__
Wananchi Head Office|*| Tel: +254 2 313 985-9
1st Flr Loita, Loita St.|*| Fax: +254 2 313 922
10286-GPO, NAIROBI, KE  |*| e-mail: wash at wananchi dot com
--
++

...with a colour temperature of 9300K using barco phosphors and connected to an AGP
Matrox G200 via 5 individual RG179B/U coax cables with a contact resistance less than
0.1 mOhm... -- David Jordan
 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[ODHIAMBO Washington]

* Bill Moran [EMAIL PROTECTED] [20030613 18:36]: wrote:
 ODHIAMBO Washington wrote:
 My log files (and console) fill up with these messages.
 
 arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
 arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 
 Could be that you're on a DHCP network and addresses are moving around a 
 lot.

An ISP env, without a DHCP server, but with a NAS assigning IPs to dialup clients.


 I'm on Adelphia cable internet, and I see these messages off and on.
 Especially after network problems, there'll be a long list of them.

..a long list of them is also what I see here. I just shortened what I sent.


 Occassionally, I'll see one MAC address that is generating a lot of
 these messages ... I assume it's some broken Windows machine that
 can't figure out what IP to use.
 
 There is a sysctl that will turn off reporting of this:
 net.link.ether.inet.log_arp_movements
 Set it to 0 to stop the logging.

Thanks. I was looking for something like this, but is this really available
in 4.8-STABLE 






Best regards,
Odhiambo Washington
Wananchi Online Ltd.


___W_A_N_A_N_C_H_I__O_N_L_I_N_E__L_T_D___The People's Choice__
Wananchi Head Office|*| Tel: +254 2 313 985-9
1st Flr Loita, Loita St.|*| Fax: +254 2 313 922
10286-GPO, NAIROBI, KE  |*| e-mail: wash at wananchi dot com
--
++

When you say 'I wrote a program that crashed Windows', people just stare at you
blankly and say 'Hey, I got those with the system, for free' Linus Torvalds
 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[Bill Moran]

ODHIAMBO Washington wrote:
* Bill Moran [EMAIL PROTECTED] [20030613 18:36]: wrote:

ODHIAMBO Washington wrote:

My log files (and console) fill up with these messages.


arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
Could be that you're on a DHCP network and addresses are moving around a 
lot.
An ISP env, without a DHCP server, but with a NAS assigning IPs to dialup clients.
For all intents and purposes, that's the same as a DHCP server in it's affect
on arp.
'netstat -rn' should give you IPs and MAC addresses.  You could monitor that to
get an idea of what the IPs are doing and possibly improve the configuration of
the NAS to reduce the problem.
There is a sysctl that will turn off reporting of this:
net.link.ether.inet.log_arp_movements
Set it to 0 to stop the logging.
Thanks. I was looking for something like this, but is this really available
in 4.8-STABLE 
It's available earlier than that.  I don't know exactly when it was added, but
it's definately in 4.8.
If you're the ISP, you may want to consider researching the problem before you
blindly turn this off.  Although you could turn the messages off, put it on
your list of things to do, and turn them back on in a month or whatever when
you had more time to research the problem.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[Dan Nelson]

In the last episode (Jun 14), ODHIAMBO Washington said:
 * Dan Nelson [EMAIL PROTECTED] [20030613 18:40]: wrote:
  In the last episode (Jun 13), ODHIAMBO Washington said:
   
   My log files (and console) fill up with these messages.
   
arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
   ...
  
  What are the machines at those two mac addresses?  Are they maybe
  clustered servers, and during failover, you see an arp line for each ip
  that gets moved from one to the other
 
 Now that points me towards some clue ... those mac addresses are not even on
 the box where I am seeing these messages.
 I can see the mac addresses by using ifconfig, yes??
 So some machines, possibly routers, are doing this...

Maybe.  Routers shouldn't cause this because they only deal with
packets not in your subnet. The kernel only keeps MAC addresses for IPs
in your subnet. 

Your kernel is complaining that incoming packets that were coming in
with an IP of 62.8.64.188 and a MAC address of 00:c0:05:11:01:f1 are
now arriving with a MAC address of 00:c0:05:10:01:f1.  This could mean
that two active phyical machines are configured with the same IP
address (i.e. an IP conflict), two physical machines alternate using
that IP (i.e. failover clustering), or that your ifconfig netmask is
too large and the kernel is remembering MAC addresses for IPs that it
should really be forwaring to a router instead.

You can use the arp -a or netstat -r commands to display the IP-MAC
mappings the kernel knows about.

-- 
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

arp messages: Why is this happening?

[ODHIAMBO Washington]

My log files (and console) fill up with these messages.


 arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
 arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
...


Googling doesn't seem to give me a good answer as to why.
This is 4.8-STABLE




-Wash

-- 
Odhiambo Washington   [EMAIL PROTECTED]  The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD.   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)


OK, so you're a Ph.D.  Just don't touch anything.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[Bill Moran]

ODHIAMBO Washington wrote:
My log files (and console) fill up with these messages.

arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
Could be that you're on a DHCP network and addresses are moving around a lot.

I'm on Adelphia cable internet, and I see these messages off and on.
Especially after network problems, there'll be a long list of them.
Occassionally, I'll see one MAC address that is generating a lot of
these messages ... I assume it's some broken Windows machine that
can't figure out what IP to use.
There is a sysctl that will turn off reporting of this:
net.link.ether.inet.log_arp_movements
Set it to 0 to stop the logging.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[Dan Nelson]

In the last episode (Jun 13), ODHIAMBO Washington said:
 
 My log files (and console) fill up with these messages.
 
  arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
  arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
  arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
  arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
  arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
  arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
 ...

What are the machines at those two mac addresses?  Are they maybe
clustered servers, and during failover, you see an arp line for each ip
that gets moved from one to the other?

-- 
Dan Nelson
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: arp messages: Why is this happening?

[Mark Atkinson]

This is probably a DHCP network?  This would happen if a client gets a 
new DHCP assigned IP address, instead of it's old one, and before the
freebsd boxes' ARP cache expired for that machine.  Usually this only 
happens with:

- broken DHCP clients (not requesting it's old ip back upon reboot).
- broken DHCP servers (not maintaining lease state properly to
   assign clients their old addresses)
- tight DHCP address spaces (ie. the DHCP server must reuse previously
 leased IP addresses to accomodate
 new DISCOVERS).
or a combination of the above.

Either that or you have a whole bunch of machines that use gratuitous
ARP to advertise the new interfaces in a failover situation.
ODHIAMBO Washington wrote:
My log files (and console) fill up with these messages.



arp: 62.8.64.172 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:10:01:f1 to 00:c0:05:11:01:f1 on bge1
arp: 62.8.64.201 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.145 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.212 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
arp: 62.8.64.188 moved from 00:c0:05:11:01:f1 to 00:c0:05:10:01:f1 on bge1
...

Googling doesn't seem to give me a good answer as to why.
This is 4.8-STABLE


-Wash

---
Mark
atkin901 at NOSPAM yahoo dot com
(!wired)?(coffee++):(wired);
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Supress ARP messages?

[Lasse Laursen]

Hi all,

We have a clustered setup of FreeBSD machines and we get a load of there
messages:

arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0

each time a machine takes over another machines IP addresses. Are there any
way to supress these messages?



Regards

--
Lasse Laursen [EMAIL PROTECTED] - Systems Developer
NetGroup A/S, St. Kongensgade 40H, DK-1264 København K, Denmark
Phone: +45 3370 1526 - Fax: +45 3313 0066 - Web: www.netgroup.dk

- We don't surf the net, we make the waves.



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: Supress ARP messages?

[Dancho Penev]

On Mon, Feb 17, 2003 at 11:34:03AM +0100, Lasse Laursen wrote:

From: Lasse Laursen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Supress ARP messages?
Date: Mon, 17 Feb 2003 11:34:03 +0100

Hi all,

We have a clustered setup of FreeBSD machines and we get a load of there
messages:

arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:7e:b1:6d to 00:d0:b7:a0:07:2f on fxp0
arp: 10.0.0.254 moved from 00:d0:b7:a0:07:2f to 00:d0:b7:7e:b1:6d on fxp0

each time a machine takes over another machines IP addresses. Are there any
way to supress these messages?


# sysctl net.link.ether.inet.log_arp_movements=0





Regards

--
Lasse Laursen [EMAIL PROTECTED] - Systems Developer
NetGroup A/S, St. Kongensgade 40H, DK-1264 K?benhavn K, Denmark
Phone: +45 3370 1526 - Fax: +45 3313 0066 - Web: www.netgroup.dk

- We don't surf the net, we make the waves.



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message


--
Regards,
Dancho Penev

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message