[SOLVED] Re: Arplookup strange messages

Hi Erik and List,

yesterday my calbe modem went down for a while due to a problem on the line..
This also is the reason why I couldn't connect to the machine ;-)

My external interface (rl0) recieves the IP address from the cable
modem via DHCP, and when the line is down the modem assigns a private
IP to the machine.
In /var/log/messages, the logs of the new DHCP lease are followed from
the ones of arplookup:

Mar 10 15:19:24 gahr dhclient: New IP Address (rl0): 192.168.100.10
Mar 10 15:19:24 gahr dhclient: New Subnet Mask (rl0): 255.255.255.0
Mar 10 15:19:24 gahr dhclient: New Broadcast Address (rl0): 192.168.100.255
Mar 10 15:19:24 gahr dhclient: New Routers (rl0): 192.168.100.1

Mar 10 15:19:53 gahr kernel: arplookup 0.0.0.0 failed: host is not on
local network
Mar 10 15:20:24 gahr kernel: arplookup 0.0.0.0 failed: host is not on
local network

So the problem only raises when the cable modem is down, and when line
failures happen, the arplookup messages really aren't the things I
worry about..

Thank you!

Best Regards,


On 3/11/06, Erik Nørgaard <norgaard@xxxxxxxxxxxx> wrote:
Pietro Cerutti wrote:
Hi list,
today in the daily security report (periodic) of a i386 machine there
is this message repeated about 30 times:
+arplookup 0.0.0.0 failed: host is not on local network

From rfc 3330:

0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
network. Address 0.0.0.0/32 may be used as a source address for this
host on this network; other addresses within 0.0.0.0/8 may be used to
refer to specified hosts on this network [RFC1700, page 4].

I think in packet filter you can specify 0/32 and it will automatically
be replaced by the ip on the relevant interface, this is useful when you
have nics configured with dhcp.

However, not all programs support this and will instead try to make an
arplookup which is bound to fail.

So first question is, what program causes this arplookup?

- Do you in your firewall rules specify 0/32?

- Do you have correctly set antispoofing?

If your firewall does not drop packets from 0/8 then it may try to send
a response to the invalid ip.

- Do you have dhcp configured somewhere for some host?

IIRC dhcp requests are sent with source 0/32 to destination
255.255.255.255/0 (rfc 2131). Your firewall may (it shouldn't, but check
anyway) incorrectly try to route it if you don't have the antispoofing
setup. If dhcp configuration fails, sometimes the interface gets
assigned the address 0/32 unless some fallback have been configured.

This could be a client on your network that is misconfigured.

The machine is the router (ipnat) and firewall (ipfilter) for a small
home network.
It runs postfix, sshd and nfsd.

My guess is to take a look at your firewall rules and check if there are
any misbehaving dhcp clients.

Since I'm away from home now, I can't sit in front of it and check
what's wrong. Furthermore, it seams that the machine is not accepting
ssh logins anymore, after those strange messages.

Well, then you have a problem correcting this - maybe someone can reboot
the machine for you?

Hope this helps, Erik

--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2



--
Pietro Cerutti
<pietro.cerutti@xxxxxxxxx>

Non lasciar calpestare i TUOI diritti!
Don't let 'em take YOUR rights!

NO al Trusted Computing!
Say NO to Trusted Computing!

www.no1984.org
www.againsttcpa.com
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: New laptop cant connect through hub
    ... change the setting on the pc with the issue to DHCP, ... and the modem is an Alcatel SpeedTouch Home. ... I also tried to install newer drivers for the network ... The DHCP server may or may not be on. ...
    (microsoft.public.windowsxp.network_web)
  • Re: network route
    ... In DHCP mode after several resets, ... the network config and set it to DHCP, then make sure network manager is ... hit the hard reset on the modem and reconfig ...
    (Fedora)
  • Re: DHCPNACK Message-IP Address Denied
    ... Try to set the computers with Static DHCP (I.e., the Router should assign upon renewal the same IP as before to each computer). ... DHCP Server) for the Network Card with network address 001731474566. ... > tried removing the router and connecting the modem directly to my ...
    (microsoft.public.windowsxp.network_web)
  • Re: Arplookup strange messages
    ... host is not on local network ... host on this network; other addresses within 0.0.0.0/8 may be used to ... I think in packet filter you can specify 0/32 and it will automatically be replaced by the ip on the relevant interface, this is useful when you have nics configured with dhcp. ... not all programs support this and will instead try to make an arplookup which is bound to fail. ...
    (freebsd-questions)
  • Re: simple home dns, dhcp server.
    ... i'm thinking could be used as the network dhcp instead of my modem ... this server would connect to ... dhcp address as well as provide an internel dns. ...
    (Debian-User)