Henrique de Moraes Holschuh wrote:
> Well, I have seen ARP overflows on very big flat networks (e.g. 172.16.0.0/16) for example. Is any of yours that big? Otherwise, why would the firewall be trying to resolve so many ARP addresses, instead of forwarding the packets to its default gateway, or rejecting the IP packets as unrouteable?
My net has a /24 netmask and the firewall is connected to an upstream router which sits in 134.102.0.0/16. The other gateway sits between my site and two /24 nets, but this gateway doesn't seem to be affected. I noticed that the ARP cache contains the very IP addresses the Windows machines are trying to connect to. (And they all resolve to the same Ethernet address, namely the one of the upstream router.) So it seems ARP resolution occurs even though the packets are being dropped. That's why I thought the bridge before the firewall could be a good idea. But I guess the net gets clogged even before it reaches the bridge.
Anyway, see http://www.atm.tut.fi/list-archive/linux-diffserv/msg00962.html
I will try and increase the cache size and do some more experiments on the weekend, but maybe the only solution is to update all the Windows machines to SP2 (I hear the Windows guys have already started with that.)
cheers, ben
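The symptom Ben describes above (many destination IPs in the ARP cache all resolving to one MAC, the upstream router's, while the table fills up) can be checked directly on a Linux box. The following is an added example written for this page, not code from the thread or from any project in it. It parses the `/proc/net/arp` format (IP, HW type, flags, HW address, mask, device; flag 0x2 is ATF_COM, a completed entry), reports any MAC that answers for an unusually large number of IPs (which on a /24 points at proxy ARP on the upstream router or at a netmask on the firewall that is wider than the real subnet), and compares the table size to the kernel's `gc_thresh3` sysctl, the limit past which the kernel logs "Neighbour table overflow" and starts failing new resolutions. The sample table is constructed, not captured from Ben's firewall; the sysctl path is assumed to be the usual `/proc/sys/net/ipv4/neigh/default/`.

```python
"""Check an ARP/neighbour cache for proxy-ARP style collapse of many IPs
onto one MAC, and for pressure against the kernel's gc_thresh limits.
Added example for the list thread above; sample data is constructed."""
from collections import defaultdict
import os

# Constructed /proc/net/arp-style text (not a real capture). Columns:
# IP address  HW type  Flags  HW address  Mask  Device
SAMPLE_PROC_NET_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
134.102.10.5     0x1         0x2         00:11:22:33:44:55     *        eth0
134.102.33.17    0x1         0x2         00:11:22:33:44:55     *        eth0
134.102.200.9    0x1         0x2         00:11:22:33:44:55     *        eth0
134.102.77.1     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth1
192.168.1.21     0x1         0x2         aa:bb:cc:dd:ee:02     *        eth1
"""

ATF_COM = 0x2  # entry has a resolved hardware address

# Assumed default sysctl location; values differ per kernel build.
NEIGH_SYSCTL_DIR = "/proc/sys/net/ipv4/neigh/default"


def parse_arp_table(text):
    """Return a list of (ip, mac, flags, device) tuples from /proc/net/arp text.
    The first line is the column header and is skipped."""
    entries = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6:
            continue  # blank or truncated line
        ip, _hwtype, flags, mac, _mask, dev = parts[:6]
        entries.append((ip, mac.lower(), int(flags, 16), dev))
    return entries


def ips_per_mac(entries, complete_only=True):
    """Map MAC -> sorted list of IPs that resolved to it. Incomplete entries
    (flags without ATF_COM) carry an all-zero MAC and are dropped by default."""
    by_mac = defaultdict(list)
    for ip, mac, flags, _dev in entries:
        if complete_only and not flags & ATF_COM:
            continue
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items()}


def suspicious_macs(entries, threshold=2):
    """MACs answering for more than `threshold` distinct IPs. A single host
    legitimately owning a handful of addresses is normal; one MAC owning
    dozens of off-LAN destinations is the proxy-ARP / wrong-netmask symptom."""
    return {mac: ips for mac, ips in ips_per_mac(entries).items()
            if len(ips) > threshold}


def table_pressure(entries, gc_thresh3):
    """Fraction of gc_thresh3 currently used. At or above 1.0 the kernel
    logs 'Neighbour table overflow' and refuses to allocate new entries."""
    return len(entries) / float(gc_thresh3)


def read_gc_thresholds(sysctl_dir=NEIGH_SYSCTL_DIR):
    """Read gc_thresh1..3 from sysfs; returns None when not on Linux."""
    values = {}
    for name in ("gc_thresh1", "gc_thresh2", "gc_thresh3"):
        path = os.path.join(sysctl_dir, name)
        if not os.path.exists(path):
            return None
        with open(path) as fh:
            values[name] = int(fh.read().strip())
    return values


def report(text, gc_thresh3):
    """Human-readable summary for one ARP table snapshot."""
    entries = parse_arp_table(text)
    lines = ["%d neighbour entries, %.0f%% of gc_thresh3=%d" % (
        len(entries), 100 * table_pressure(entries, gc_thresh3), gc_thresh3)]
    for mac, ips in suspicious_macs(entries).items():
        lines.append("MAC %s answers for %d IPs (proxy ARP or too-wide netmask?): %s"
                     % (mac, len(ips), ", ".join(ips)))
    return "\n".join(lines)


if __name__ == "__main__":
    thresholds = read_gc_thresholds()
    if thresholds and os.path.exists("/proc/net/arp"):
        with open("/proc/net/arp") as fh:
            print(report(fh.read(), thresholds["gc_thresh3"]))
    else:
        # Off-box: run against the constructed sample with the common default.
        print(report(SAMPLE_PROC_NET_ARP, 1024))
```

Run it on the firewall itself to see how close the table is to `gc_thresh3` and which MAC is soaking up entries; if one MAC owns nearly every remote destination, fixing the interface netmask or disabling proxy ARP upstream removes the cause, whereas raising `gc_thresh1/2/3` only buys headroom.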