
help with arp filtering...please!



I have an OpenBSD 3.1 bridge "firewall" as the 1st layer of defense on my cable modem network, and I am trying to find out how to effectively filter ARP packets. My setup is:

1. connection to internet ....AT&T cable
2. bridge .....openbsd 3.1
3. RTR.."router/nat" ....openbsd 3.1

cable modem--------sis1(bridge)sis0---------sis1(RTR)sis0------(switch to lan)



The bridge rules and the router rules are to block everything inbound and outbound unless specifically permitted. Everything is working fine except I keep seeing constant ARP "who-has" packets. The ARP packets are not seen on the LAN, but they are getting past the bridge and up to the sis1 interface on the router. Here is a tcpdump on the sis1 interface on the bridge.


07:27:34.976280 arp who-has 10.177.121.33 tell 10.177.120.1
07:27:34.977308 arp who-has 10.177.122.172 tell 10.177.120.1
07:27:34.978141 arp who-has 10.177.121.24 tell 10.177.120.1
07:27:34.978944 arp who-has 10.177.113.210 tell 10.177.112.1
07:27:34.979417 arp who-has 12.210.129.203 tell 12.210.128.1
07:27:34.979891 arp who-has 10.177.109.79 tell 10.177.108.1
07:27:34.980495 arp who-has 10.177.112.219 tell 10.177.112.1
07:27:34.980968 arp who-has 10.177.114.55 tell 10.177.112.1
07:27:34.981445 arp who-has 10.177.112.238 tell 10.177.112.1
07:27:34.981920 arp who-has 10.177.121.146 tell 10.177.120.1
07:27:34.982392 arp who-has 10.177.17.49 tell 10.177.16.1
07:27:34.982870 arp who-has 10.177.121.42 tell 10.177.120.1
07:27:34.983346 arp who-has 10.177.109.117 tell 10.177.108.1
07:27:34.983824 arp who-has 12.210.141.107 tell 12.210.128.1
07:27:35.267991 arp who-has 12.210.137.210 tell 12.210.128.1
07:27:35.287172 arp who-has 10.177.121.5 tell 10.177.120.1
07:27:35.291167 arp who-has 12.210.140.50 tell 12.210.128.1
07:27:35.493003 arp who-has 12.210.149.244 tell 12.210.144.1
07:27:35.910581 arp who-has 12.210.149.203 tell 12.210.144.1
07:27:36.335638 arp who-has 12.213.170.246 tell 12.213.168.1
07:27:36.336366 arp who-has 12.210.133.20 tell 12.210.128.1
07:27:36.573591 arp who-has 12.210.133.56 tell 12.210.128.1
07:27:36.700172 arp who-has 12.210.130.117 tell 12.210.128.1
07:27:36.802672 arp who-has 12.210.139.92 tell 12.210.128

The same is present on the sis1 interface at the router, but tcpdump on sis2 is clean.

Is it possible to filter this at the bridge?

Thanks in advance.