On Sat, 31 Mar 2007, Scott Ullrich wrote:
On 3/31/07, Charles Sprickman <[EMAIL PROTECTED]> wrote:
I'm not sure that's going to help - I have no interfaces sharing the same
physical network, and the messages are from hosts on the bridged OPT1, not
from pfsense itself.
This suppresses that log message.
Just out of curiosity, what does this setting actually do? Does it move
the WAN IP to the bridge interface?
In short, the pfsense box seems to be flipping between using the WAN and
OPT1 MACs when talking to the bridged hosts.
See above.
FreeBSD bug?
Doubt it. It sounds to me like a misconfigured network. I have 10+
teams on my network using LACP and none of our FreeBSD boxen (10+)
shows these symptoms.
It's pretty much impossible for the network to be misconfigured - there's
a cat5 cable from ADSL router to PFSense box's WAN interface - no switch
or hub there. The hosts with the arp messages are hooked up to a switch
that is connected to the PFSense box's OPT1 interface. These are all
distinct NICs, no VLANs or anything. What's in the diagram I posted is
exactly what is in the office except for the fact that there are quite a
few more LAN side hosts. I'm sure you get people telling you "I'm SURE I
did it right!" all the time, but I did put this network together and I've
been doing networking stuff for ISPs since about '97 or so. I have broken
and fixed many larger networks than this in my time, and learned many
lessons. :) I've got the fundamentals down.
I think that this thread may apply:
http://lists.freebsd.org/pipermail/freebsd-stable/2007-January/031942.html
(start of thread)
http://lists.freebsd.org/pipermail/freebsd-stable/2007-January/032182.html
(most relevant message)
In brief, it sounds like the "proper" way to do bridging in FreeBSD is to
leave both member interfaces without IPs and to assign the bridge
interface itself the IP.
However the above message states:
"The reason is that the arp reply when bridging sends the mac address of
the nic where the request came in, so laptop1 will get the mac of tl0.
The other problem that was fixed in r1.84 was that locally destined
packets to the bridge were always broadcast when they shouldn't.
Anything on the rest of the network arping for the rl0 address would
cause the arp reply to also be sent to laptop1 (with rl0's address),
hence the logged 'address moved' warnings.
Some people pointed out that the address should be assigned to the
bridge interface which is correct, but the way you had it still works
and now that warning is now fixed."
I'm running pfsense 1.0.1, which looks to be FreeBSD 6.1-p10, so that fix
is not in there.
So the mystery is probably solved - the fix will come in with some later
version of FreeBSD, I don't see what file Daniel was talking about so I'm
not sure where the fix popped up - 6.2 or STABLE mid-January.
And to shut up the other machines, this works:
sysctl -w net.link.ether.inet.log_arp_movement=0
Charles
Scott
Scott
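The sysctl in the message above turns off every "moved from" log line on the host, not only the ones caused by the bridge. As an added example (not part of the original thread), the Python below keeps the logging on and instead separates addresses that only flip between the bridge's own member MACs from addresses that moved to any other MAC. It assumes the FreeBSD kernel message format `arp: <ip> moved from <mac> to <mac> on <ifname>`; the function name, the sample log lines, the addresses and the MACs are all constructed for illustration.

```python
import re
from collections import defaultdict

# FreeBSD kernel message: "arp: <ip> moved from <old mac> to <new mac> on <ifname>"
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) to "
    r"(?P<new>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

def classify_arp_moves(lines, bridge_macs):
    """Group 'moved from' events per IP and label each IP.

    bridge_macs: MACs of the bridge's own member NICs (assumption: supplied
    by the operator). An IP that only ever flips between those MACs matches
    the bridge behaviour in this thread; any other MAC is left for review.
    """
    known = {m.lower() for m in bridge_macs}
    seen = defaultdict(set)      # ip -> every MAC it was seen on
    counts = defaultdict(int)    # ip -> number of move events
    for line in lines:
        m = ARP_MOVED.search(line)
        if not m:
            continue             # unrelated kernel message
        ip = m["ip"]
        seen[ip].update((m["old"].lower(), m["new"].lower()))
        counts[ip] += 1
    report = {}
    for ip, macs in seen.items():
        unknown = sorted(macs - known)
        label = "review" if unknown else "bridge-flap"
        report[ip] = {"label": label, "events": counts[ip], "unknown_macs": unknown}
    return report

# Constructed sample log lines (documentation addresses, made-up MACs).
SAMPLE_LOG = """\
Mar 31 10:00:01 host1 kernel: arp: 192.0.2.1 moved from 00:00:5e:00:53:01 to 00:00:5e:00:53:02 on fxp0
Mar 31 10:00:09 host1 kernel: arp: 192.0.2.1 moved from 00:00:5e:00:53:02 to 00:00:5e:00:53:01 on fxp0
Mar 31 10:02:44 host1 kernel: arp: 192.0.2.20 moved from 00:00:5e:00:53:10 to 00:00:5e:00:53:99 on fxp0
Mar 31 10:03:00 host1 kernel: fxp0: link state changed to UP
""".splitlines()

BRIDGE_MACS = ["00:00:5E:00:53:01", "00:00:5e:00:53:02"]  # constructed WAN/OPT1 MACs

if __name__ == "__main__":
    for ip, info in classify_arp_moves(SAMPLE_LOG, BRIDGE_MACS).items():
        print(ip, info)
```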
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]