FreeBSD Arp trouble

jmstacey

jmstacey

Verified User
Joined
Feb 12, 2004
Messages
4,106
Location
Colorado
I need some help. I'm running freebsk and every day or so it reports /kernel: arp: such and such mac address is using my ip address. this is a problem between my isp and they can't fix it, so is there a way to disable the arp stuff because for somereason it disables the server until I can restart it so it reclaims that ip address. THen is there a way to set it up to claim that ip address every hour or so?

Thanks
 
Can you post the full log?

It could many many things, are you using DHCP? What is the server connected to, switch, hub, router?

Their is a conflict somewhere...
 
Here is the full message that is displayed:

Mar 15 09:45:08 server /kernel: arp: 00:0c:41:4c:2a:b3 is using my IP address 66.54.206.17!

After that the server is not acessible from the web until I restart so I think if I could get the server to force itself to claim that ip address every so often instead of giving up would fix my problem..

Heres my conection:
WAN -> Switch -> Router for another network -> 5 computers
.....................|
.....................-> Server

Both the server and the router have different ip addresses and the mac address in the error messages on the server do not match the any hardware on my network.
 
Is that normally caused by a misconfigured switch or misconfigured machine on the network. If you are running DHCP that would be the normal cause of the problem. Give that a static address from the DHCP pool.

Try isolating the problem with tcpdumps
 
Its a unmanaged switch, but the mac address doesn't match any of my computers on the network. and it happens even if its plugged directly into the wan connection, so its nothing on my side..
 
When you say WAN do you mean a drop from directly from another ISP or are you talking about from a router connected to a ISP somewhere?

The reason I ask because you can have runt packets on the network or one close by. It is also possible to get those from faulty wiring or white noise, etc. The other issue you could be having what is the NIC card running 10bt or 100bt? What is the router or switch running 10bt or 100bt?
 
I believe it is a router connected to an isp. I don't have a connection directly to the major backbone if thats what you mean

It is possibly interference since it is a wireless connection.

Running tcpdump there is extreme ammounts of activity, mostly arp who-is stuff, don't know if thats normal.

Something new I didn't try before. It happens more often wheneI try pinging the server continuosly 100 times, it sometimes doesn't make it 100 times and gives that message and drops of the planet.
When it does succeed there is 3% packet loss using 1450bytes and 25% loss using 1500bytes

Searching google there is talk about a patch to the kernel that will fix this problem but I can't find the patch or what I need to do?
 
A security patch for ARP was available but I assumed you have updated have have that patch. I am not convinced that is the problem. What FBSD version are you running.

If you have wireless can other users connect to it omnidirectional or is it directional? You will get those errors from that I listed so you should go through each one. I know it will be difficult to connect directly to the net.

It could be a misconfigured router at your ISP. You may want to contact them...
 
Running 4.9

I'll give my isp a call but I don't think they can do much about it.
As for the wireless connection, I'm not sure. All users connect with a motorola canopy and as far as I can tell browsing through the control panel for it, there isn't any information that would be isp specific so I guess it would be possible for someone with the same canopy intercept, although I'm not sure how they get the static ip address assignment to work then... :confused:

Doing an arp -a command, what SHOULD be there? Currently there are two entries, one for the server itself and one for my isp. I ran a arp -d -a and restarted and only the isp entry came back so we'll see. If this is where you bridge stuff it might have been stealing the ip address from itself?
Anyway, tell me what you think
 
You must log in or register to reply here.
Back
Top