vlan and staticarp


blackjack
November 18th, 2008, 09:55
Hi all.
I am using FreeBSD as a gateway to the internet.
FreeBSD router.local.net.ua 7.0-RELEASE FreeBSD 7.0-RELEASE #1: Fri Jun 13 17:26:05 EEST 2008 admin@router.local.net.ua:/usr/src/sys/i386/compile/GATE i386

I have 10 VLANs and two NICs.
ifconfig

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.21.124 netmask 0xffffff00 broadcast 172.16.21.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:1d:0f:bd:8f:7b
inet 81.21.xx.xx1 netmask 0xfffffff8 broadcast 81.21.xx.xxx
inet 81.21.xx.xx2 netmask 0xfffffff8 broadcast 81.21.xx.xxx
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.24.124 netmask 0xffffff00 broadcast 172.16.24.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 11 parent interface: em0
vlan22: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.22.124 netmask 0xffffff00 broadcast 172.16.22.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 22 parent interface: em0
vlan23: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.23.124 netmask 0xffffff00 broadcast 172.16.23.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 23 parent interface: em0
vlan25: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.25.124 netmask 0xffffff00 broadcast 172.16.25.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 25 parent interface: em0
vlan26: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.26.124 netmask 0xffffff00 broadcast 172.16.26.255
inet 192.168.101.100 netmask 0xffffff00 broadcast 192.168.101.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 26 parent interface: em0
vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.30.124 netmask 0xffffff00 broadcast 172.16.30.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 30 parent interface: em0
vlan31: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.31.124 netmask 0xffffff00 broadcast 172.16.31.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 31 parent interface: em0
vlan32: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.32.124 netmask 0xffffff00 broadcast 172.16.32.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 32 parent interface: em0
vlan33: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.33.124 netmask 0xffffff00 broadcast 172.16.33.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 33 parent interface: em0
vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.40.124 netmask 0xffffff00 broadcast 172.16.40.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 40 parent interface: em0
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.100.124 netmask 0xffffff00 broadcast 172.16.100.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 100 parent interface: em0



I created the file /etc/staticarp/static.mac with the IP address and MAC address of local clients, like this:
172.16.100.30 00:1d:0f:c4:10:ad pub
then set the IP-MAC pairs:
arp -f /etc/staticarp/static.mac
Then I did
ifconfig vlan100 staticarp
vlan100: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,STATICARP> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:07:e9:0a:a4:73
inet 172.16.100.124 netmask 0xffffff00 broadcast 172.16.100.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
vlan: 100 parent interface: em0


And this works for some time (1 hour or 2), but then all VLANs stop working and ping looks like this:
ping 172.16.100.52
ping: sendto: invalid argument

netstat -rn
172.16.100.1 link#34 UHLW 0 0 vlan100
....
172.16.100.254 link#34 UHLW 0 0 vlan100

I need to use this because in the local network somebody is ARP spoofing, or it is a virus.
This is the log when spoofing is active.
Sep 19 19:37:29 router kernel: arp: 172.16.24.155 moved from 00:0f:ea:3b:34:91 to 00:0f:ea:f6:c3:de on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.183 moved from 00:0f:ea:3b:34:91 to 00:11:5b:7a:85:c5 on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.192 moved from 00:0f:ea:3b:34:91 to 00:02:2a:e1:e8:bf on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.218 moved from 00:0f:ea:3b:34:91 to 00:19:e0:13:cb:ee on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.220 moved from 00:0f:ea:3b:34:91 to 00:14:2a:84:be:94 on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.231 moved from 00:0f:ea:3b:34:91 to 00:0f:ea:c1:7e:41 on vlan11
Why does this not work? Why does the route to hosts in the VLAN disappear? Why does the ARP table refresh when the interface is configured to use static IP-MAC records?
These are my topics:
http://forum.lissyara.su/viewtopic.php?f=8&t=11136&p=110421&hilit=%D0%91%D0%BE%D1%80%D1%8C%D0%B1%D0%B0#p99856
http://www.opennet.ru/openforum/vsluhforumID1/82574.html
PS. Sorry for my bad English.
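An added example, not part of blackjack's post and not a FreeBSD tool: a small POSIX shell/awk script that reads kernel "arp: IP moved from X to Y on IF" messages like the ones quoted above and reports any MAC that took part in moves for many distinct IPs on one interface, which is what a single host answering ARP for many addresses looks like in the log. The log lines embedded in it are constructed, modelled on the quoted ones; the function name flag_arp_movers and the threshold of 3 are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread): summarise FreeBSD "arp: IP moved from X to Y on IF"
# kernel messages and flag any MAC involved in moves for many distinct IPs on one interface.

# Constructed sample lines, modelled on the ones quoted in the thread.
SAMPLE_LOG='Sep 19 19:37:29 router kernel: arp: 172.16.24.155 moved from 00:0f:ea:3b:34:91 to 00:0f:ea:f6:c3:de on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.183 moved from 00:0f:ea:3b:34:91 to 00:11:5b:7a:85:c5 on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.192 moved from 00:0f:ea:3b:34:91 to 00:02:2a:e1:e8:bf on vlan11
Sep 19 19:37:31 router kernel: arp: 172.16.22.10 moved from 00:aa:bb:cc:dd:01 to 00:aa:bb:cc:dd:02 on vlan22'

# flag_arp_movers THRESHOLD   (log lines on stdin)
# Prints "MAC IFACE COUNT", one line per MAC that took part in moves for >= THRESHOLD
# distinct IPs on the same interface. Both the old and the new MAC of a move are counted:
# the spoofer shows up as "to" when it first overwrites an entry and as "from" once the
# real owner answers again.
flag_arp_movers() {
    awk -v thr="${1:-3}" '
        /kernel: arp: .* moved from .* to .* on / {
            for (i = 1; i <= NF; i++) {
                if ($i == "arp:")  ip   = $(i + 1)
                if ($i == "from")  from = $(i + 1)
                if ($i == "to")    to   = $(i + 1)
                if ($i == "on")    ifc  = $(i + 1)
            }
            # count each (mac, iface, ip) combination once
            if (!((from, ifc, ip) in seen)) { seen[from, ifc, ip] = 1; n[from, ifc]++ }
            if (!((to,   ifc, ip) in seen)) { seen[to,   ifc, ip] = 1; n[to,   ifc]++ }
        }
        END {
            for (k in n) if (n[k] >= thr) { split(k, p, SUBSEP); print p[1], p[2], n[k] }
        }' | sort
}

# Demo on the constructed lines. On a live gateway you would feed it real lines, e.g.
#   grep "kernel: arp:" /var/log/messages | flag_arp_movers 5
printf '%s\n' "$SAMPLE_LOG" | flag_arp_movers 3
```

On the sample the only MAC that crosses the threshold is 00:0f:ea:3b:34:91 on vlan11; a MAC that shows up for dozens of IPs within a few seconds is the one to trace to a switch port, which is what SirDice suggests below.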

SirDice
November 18th, 2008, 12:34
I need to use this because in local network somebody arp spoof or it is a virus.
Maybe you should fix the problem instead of the symptoms?

blackjack
November 18th, 2008, 13:42
It is impossible. There are 854 clients in the local network. I can't go to every client and control his computer.

SirDice
November 18th, 2008, 14:12
It is impossible. There are 854 clients in the local network. I can't go to every client and control his computer.

Not impossible.. We have 60.000 workstations.. It takes a bit of networking-fu to trace it through all the routers and switches. But in the end you'll know the switch and the port. After that it's just a matter of following the cable :D

tbyte
November 18th, 2008, 17:02
But there is still a problem, the thing he is doing should work.

blackjack
November 19th, 2008, 08:11
It's my configs.

Alt
November 19th, 2008, 09:50
I created the file /etc/staticarp/static.mac with the IP address and MAC address of local clients, like this:
Code:

172.16.100.30 00:1d:0f:c4:10:ad pub
Try records without "pub":
172.16.100.30 00:1d:0f:c4:10:ad
This option didn't work for me when I used the same technique.

blackjack
November 20th, 2008, 09:39
No, it doesn't work.

Alt
November 20th, 2008, 11:01
man arp
If the word pub is given, the entry will be ``published''; i.e., this system will act as an ARP server, responding to requests for hostname even though the host address is not its own.
That is, when the pub parameter is used, the gateway starts answering *instead of* that IP address. Hence the address changes. In my case, using it caused conflicts among the subscribers.. In short, what you want does not work with pub =) Anyway, I did it this way (without pub) and it should work....
Maybe your interfaces are being recreated or restarted somehow by cron?
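An added example, mine rather than anything from the thread or from FreeBSD's arp(8): a POSIX shell/awk checker for the static ARP file before it is loaded with arp -f and the interface is switched to staticarp, the procedure blackjack describes in the first post. It refuses the pub keyword that Alt warns about and accepts only plain "IP MAC" lines (numeric IPs, no hostnames and no temp entries, which is a restriction I chose). The entries embedded in it are constructed; apply_static_arp wraps the two real commands from the thread and is not run in the demo.

```shell
#!/bin/sh
# Added example (not from the thread): validate a static ARP file of the kind loaded with
# "arp -f" before switching an interface to staticarp mode. Rejects malformed lines and
# lines carrying "pub", since a published entry makes the gateway itself answer ARP for
# that IP (see the man arp excerpt above).

# Constructed sample entries; the file in the thread is /etc/staticarp/static.mac.
SAMPLE_ENTRIES='# ip mac
172.16.100.30 00:1d:0f:c4:10:ad
172.16.100.31 00:1d:0f:c4:10:ae pub
172.16.100.32 00:1d:0f:c4:10
not-an-ip 00:1d:0f:c4:10:af'

# check_static_arp   (entries on stdin)
# Prints "OK  line" or "BAD reason: line" per entry; exit status 1 if any entry is bad.
# Only numeric dotted-quad IPs and "IP MAC" lines are accepted (my own restriction).
check_static_arp() {
    awk '
        function valid_ip(s,   o, i) {
            if (split(s, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        function valid_mac(s,   h, i) {
            if (split(s, h, ":") != 6) return 0
            for (i = 1; i <= 6; i++) if (h[i] !~ /^[0-9a-fA-F][0-9a-fA-F]$/) return 0
            return 1
        }
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        {
            reason = ""
            if (NF > 2 && $3 == "pub") reason = "pub entry, gateway would answer ARP for this IP"
            else if (NF != 2)          reason = "expected exactly IP and MAC"
            else if (!valid_ip($1))    reason = "bad IP"
            else if (!valid_mac($2))   reason = "bad MAC"
            if (reason == "") print "OK  " $0
            else { bad++; print "BAD " reason ": " $0 }
        }
        END { exit (bad > 0) }'
}

# apply_static_arp FILE IFACE: the two commands from the thread, gated on the check.
# Needs root on the FreeBSD gateway; not run in this demo.
apply_static_arp() {
    check_static_arp < "$1" >/dev/null || { echo "refusing to load $1: bad entries" >&2; return 1; }
    arp -f "$1" && ifconfig "$2" staticarp
}

# Demo on the constructed entries: one OK line and three BAD lines are reported.
printf '%s\n' "$SAMPLE_ENTRIES" | check_static_arp || echo "fix the BAD entries before loading"
```

Running the check from the same cron job or rc script that reloads the table keeps a stray pub line, a truncated MAC or a typo in an IP from ever reaching arp -f; once the interface is in staticarp mode, an address with no valid entry simply has no neighbour, which is the "sendto: invalid argument" blackjack sees.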

blackjack
November 20th, 2008, 11:52
Well, I'll try again. So be it. If it doesn't work, it means my karma is bad :)

blackjack
November 24th, 2008, 09:59
Any suggestion?

bsdfunn
January 27th, 2009, 13:06
ipguard - a tool designed to protect LAN IP address space by ARP spoofing.

ipguard listens to the network for ARP packets. All permitted MAC/IP pairs are listed in the 'ethers' file. If it receives one with a MAC/IP pair which is not listed in the 'ethers' file, it will send an ARP reply with a configured fake address. This will prevent the non-permitted host from working properly in this Ethernet segment.


http://ipguard.deep.perm.ru/

blackjack
January 27th, 2009, 13:10
Thank you. :) I will try it.