ARP not working on interface that does not have an IP

dmitry surovtsev dsurovtsev at yahoo.com
Fri Sep 19 06:33:46 PDT 2003 

Try to give rl0 and ADSL ip addresses from the same
net, i.e. 192.168.1.1 and 192.168.1.2. rl1 may remain
192.168.0.2.
as well, PCsof your LAN should have 192.168.0.2 as
default gw.


Subject: ARP not working on interface that does not
have an IP
To: <freebsd-ipfw at freebsd.org>
Message-ID: <000c01c37c84$84017080$4d00a8c0 at mickey>
Content-Type: text/plain;       charset="Windows-1252"

My description is lengthy but believe me, it is a
"simple" problem.

Greetings,

I am trying to insert a FreeBSD Bridging Firewall into
an existing 
office broadband network.

[[ ADSL modem / router (double as a NAT box) ]] <===> 
[[ "rl0" FreeBSD 
"rl1" ]] <===> [[ office LAN switch ]]

"rl0" is connected to the outside ADSL box and "rl1"
is connected to 
the internal office LAN switch

The ADSL box has an IP of 192.168.0.1 and is the
default router for 
everybody. "rl1" has an IP of 192.168.0.2 while "rl0"
does not have an IP 
configured.

I have 99% of everything working, including the
passing of ARP (I am 
running ipfw2 on 5.1R). The PCs on the office internal
LAN can connect to 
the outside world with no problem whatsoever.

The only problem is "rl0" doesn't seem to be able to
look up the MAC 
address of 192.168.0.1 (the ADSL router) through ARP
and that means any 
TCP/IP connections I initiated on the FreeBSD box to
the outside world 
would fail.

? (192.168.0.1 at (incomplete) on rl1 [ethernet]

Looks like the system is expecting the ARP entry to
come from rl1 while 
it should have been from rl0.

I ran tcpdump on "rl0" and saw both the outgoing ARP
requests from the 
FreeBSD box and the ARP replies from 192.168.0.1. It
is just the 
FreeBSD box never seem to get the ARP replies. This
problem stays the same 
even when I run an "open" firewall so I am quite sure
it is not something 
about the rules.

If I give "rl0" an IP address and leave "rl1" without
one then the 
problem is reversed, i.e. "rl1" cannot get any ARP
stuff going.

I also tried to give "rl0" an IP address of
192.168.0.3 but "ifconfig" 
wouldn't take it complaining about:

ifconfig: ioctl (SIOCAIFADDR): File exists

I also tried to give "rl0" an IP address from another
subnet (just to 
fake it) say 192.168.1.1 but then FreeBSD complained
about the ARP 
replies of 192.168.0.1 were coming from the "wrong
interface". It was 
expecting it to come from "rl1" (who is in the network
range of 192.168.0.0) 
instead of from "rl0" (who is NOT in the networking
range of 
192.168.0.0).

I think I exhausted my experience here and would
really appreciate some 
help.

Many thanks!

Andrew

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

More information about the freebsd-ipfw mailing list