I'm running 5.3-RELEASE-p5 on a system that is functioning as a NAT router/firewall using "pf". It works just fine, but . . . .
The external (Internet) network connection is giving me incoming traffic addressed to other users all over my neighborhood (not just the packets intended for me). The external NIC (an Accton MPX 5030/5038, handled via the "rl" driver) appears to be running promiscuously; it's accepting all these incoming packets, whether addressed to me or not.
The flags shown for the NIC by the "ifconfig" command are:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
Note that the PROMISC flag is =not= set, but the NIC seems to be acting in a promiscuous fashion nevertheless.
Although my firewall (an old 800-MHz Athlon system) is able to handle this extra load, I'd really like to configure it so that the packets not intended for my site are silently dropped and never seen by FreeBSD at all. (Aside from simple neatness, I'm aware of the failings of the RealTek 8129/8139 and am hoping to reduce overhead by filtering out the extraneous traffic before the driver would see it.)
Any suggestions as to what I should do? Or is what I'm asking simply impossible (and if so, why)? Thanks for any help.
Rich Wales [EMAIL PROTECTED] http://www.richw.org
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable