From: Richard P. Koett (mail-lists_at_telus.net)
Date: Fri Jan 10 2003 - 08:18:23 CST


    I found a lot of stuff in the archives similar to my problem,
    but not exact. Briefly:

    I have a three-legged firewall.
    Internal IP (on fxp2) is 192.168.1.254
    External IP (on fxp0) is 207.232.115.249
    No IP on DMZ interface (fxp1)
    fxp0 and fxp1 are bridged

    Things work fine, but I get an excessive amount of
    messages logged like the following:

    /bsd: arplookup: unable to enter address for 207.232.115.242

    207.232.115.242 is on the same hub as the fxp1
    interface (in the DMZ).

    I don't even understand how this box manages to communicate
    with 207.232.115.242, given that it can't create an arp entry mapping
    the IP address to a MAC address, but in any case I would appreciate
    any advice on how to eliminate these messages.

    Some info that may be helpful to start:

    From "ifconfig -A":
    fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            address: 00:a0:c9:db:e8:41
            media: Ethernet autoselect (100baseTX)
            status: active
            inet 207.232.115.249 netmask 0xfffffff8 broadcast 207.232.115.255
            inet6 fe80::2a0:c9ff:fedb:e841%fxp0 prefixlen 64 scopeid 0x1
    fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            address: 00:a0:c9:db:db:3c
            media: Ethernet autoselect (100baseTX)
            status: active
            inet6 fe80::2a0:c9ff:fedb:db3c%fxp1 prefixlen 64 scopeid 0x2
    fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:a0:c9:ce:0d:91
            media: Ethernet autoselect (100baseTX)
            status: active
            inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::2a0:c9ff:fece:d91%fxp2 prefixlen 64 scopeid 0x3

    From "brconfig -a":
    bridge0: flags=41<UP,RUNNING>
            Configuration:
                    priority 32768 hellotime 2 fwddelay 15 maxage 20
            Interfaces:
                    fxp1 flags=3<LEARNING,DISCOVER>
                            port 2 priority 128
                    fxp0 flags=3<LEARNING,DISCOVER>
                            port 1 priority 128
            Addresses (max cache: 100, timeout: 240):
                    00:e0:52:04:d0:a4 fxp0 1 flags=0<>
                    00:10:7b:42:f9:27 fxp0 1 flags=0<>
                    00:10:5a:e0:67:4b fxp1 0 flags=0<>
                    00:a0:c9:5e:a8:29 fxp0 1 flags=0<>
                    00:03:9f:1b:b8:2f fxp0 1 flags=0<>
                    00:50:ba:8f:58:68 fxp1 1 flags=0<>
    bridge1: flags=0<>
            Configuration:
                    priority 32768 hellotime 2 fwddelay 15 maxage 20
            Interfaces:
            Addresses (max cache: 100, timeout: 240):