Hi,

I know that on a bridge interface "-learn em0" in hostname.bridge0 will alleviate the "arp: attempt to add entry ..." errors.

Maybe if you put em0, em1 and em2 all in a bridge you could use "-learn". I'd probably try something like:

hostname.bridge0:
add em0
add em1
-learn em1
add em2
-learn em2
up

Of course, that may completely break the DHCP requests... don't know.


-Barry




On 01/04/2011 05:09 PM, Teemu Rinta-aho wrote:
I have been successfully running an OpenBSD firewall which has
three network interfaces connected to the same DSL box. I
use three of the five public IP addresses that my ISP lets me
have. I binat two of those to two hosts in my home network
and the third one is used for "regular" nat for the rest of
the hosts. Everything has worked well so far.

Now my ISP changed something in their DHCP server/routing scheme.
Two of the external interfaces get the same next hop (same IP,
same MAC) with DHCP. This causes problems with e.g. ARP. The setup
still seems to work somehow (badly, connections are breaking) but I
get errors like this:

arpresolve: 217.212.252.168: can't allocate llinfo
duplicate IP address 80.220.81.184 sent from ethernet address
00:30:18:ae:75:d5
arp: attempt to add entry for 80.220.64.1 on em2 by 00:02:cf:84:83:ff on em0

I tried to solve this by using different routing domains for
re0 (home) and em0, em1 and em2 (internet) interfaces, but then
it seems I cannot route between the domains even with pf. Otherwise
it solved the problem from the firewall point of view.

Is there a way to get this kind of a setup to work?

Teemu
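As an added illustration (not part of either post): a small sh/awk filter that reads kernel messages of the kind Teemu quoted and reports which interfaces saw the same next-hop MAC. The log excerpt is constructed from the lines in the post; the syslog prefixes and the extra em1 line are invented to show the grouping.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes OpenBSD-style kernel
# messages as quoted in the post. The sample below is constructed.

sample_log() {
    cat <<'EOF'
Jan  4 17:01:10 fw /bsd: arpresolve: 217.212.252.168: can't allocate llinfo
Jan  4 17:01:10 fw /bsd: duplicate IP address 80.220.81.184 sent from ethernet address 00:30:18:ae:75:d5
Jan  4 17:01:11 fw /bsd: arp: attempt to add entry for 80.220.64.1 on em2 by 00:02:cf:84:83:ff on em0
Jan  4 17:01:12 fw /bsd: arp: attempt to add entry for 80.220.64.1 on em1 by 00:02:cf:84:83:ff on em0
EOF
}

# arp_conflicts: read log lines on stdin and print
#   dupip    <ip> <mac>                       for "duplicate IP address" lines
#   conflict <ip> <mac> <if-seen> <if-known>  for "attempt to add entry" lines
#   shared   <mac> <count> <ifaces...>        once per MAC seen behind >1 interface
arp_conflicts() {
    awk '
    /duplicate IP address/ {
        for (i = 1; i <= NF; i++)
            if ($i == "duplicate" && $(i+1) == "IP") print "dupip", $(i+3), $NF
    }
    /arp: attempt to add entry for/ {
        for (i = 1; i <= NF; i++)
            if ($i == "entry" && $(i+1) == "for") {
                ip = $(i+2); ifa = $(i+4); mac = $(i+6); ifb = $(i+8)
            }
        print "conflict", ip, mac, ifa, ifb
        # remember each interface this MAC was seen on, in first-seen order
        if (index(ifs[mac], " " ifa " ") == 0) { ifs[mac] = ifs[mac] " " ifa " "; n[mac]++ }
        if (index(ifs[mac], " " ifb " ") == 0) { ifs[mac] = ifs[mac] " " ifb " "; n[mac]++ }
    }
    END {
        for (m in n) if (n[m] > 1) {
            gsub(/  +/, " ", ifs[m]); sub(/^ /, "", ifs[m]); sub(/ $/, "", ifs[m])
            print "shared", m, n[m], ifs[m]
        }
    }'
}

sample_log | arp_conflicts
```

On a live box, feed it `dmesg` or /var/log/messages instead of sample_log; a "shared" line with more than one interface is the symptom of two uplinks getting the same gateway.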
