vlan and staticarp

blackjack

Member

Reaction score: 2
Messages: 23

Hi all.
I am using FreeBSD as gate to internet.
Code:
FreeBSD router.local.net.ua 7.0-RELEASE FreeBSD 7.0-RELEASE #1: Fri Jun 13 17:26:05 EEST 2008     admin@router.local.net.ua:/usr/src/sys/i386/compile/GATE  i386

I have a 10 VLAN and two NIC
Code:
ifconfig


Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.21.124 netmask 0xffffff00 broadcast 172.16.21.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 00:1d:0f:bd:8f:7b
	inet 81.21.xx.xx1 netmask 0xfffffff8 broadcast 81.21.xx.xxx
	inet 81.21.xx.xx2 netmask 0xfffffff8 broadcast 81.21.xx.xxx
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
vlan11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.24.124 netmask 0xffffff00 broadcast 172.16.24.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 11 parent interface: em0
vlan22: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.22.124 netmask 0xffffff00 broadcast 172.16.22.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 22 parent interface: em0
vlan23: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.23.124 netmask 0xffffff00 broadcast 172.16.23.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 23 parent interface: em0
vlan25: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.25.124 netmask 0xffffff00 broadcast 172.16.25.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 25 parent interface: em0
vlan26: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.26.124 netmask 0xffffff00 broadcast 172.16.26.255
	inet 192.168.101.100 netmask 0xffffff00 broadcast 192.168.101.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 26 parent interface: em0
vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.30.124 netmask 0xffffff00 broadcast 172.16.30.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 30 parent interface: em0
vlan31: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.31.124 netmask 0xffffff00 broadcast 172.16.31.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 31 parent interface: em0
vlan32: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.32.124 netmask 0xffffff00 broadcast 172.16.32.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 32 parent interface: em0
vlan33: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.33.124 netmask 0xffffff00 broadcast 172.16.33.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 33 parent interface: em0
vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.40.124 netmask 0xffffff00 broadcast 172.16.40.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 40 parent interface: em0
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.100.124 netmask 0xffffff00 broadcast 172.16.100.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 100 parent interface: em0



I create file /etc/staticarp/static.mac with IP adderss and mac address of local clients like this:
Code:
172.16.100.30 00:1d:0f:c4:10:ad pub

then set IP-MAC
Code:
arp -f /etc/staticarp/static.mac

Then i did
Code:
ifconfig vlan100 staticarp

Code:
vlan100: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,STATICARP> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:07:e9:0a:a4:73
	inet 172.16.100.124 netmask 0xffffff00 broadcast 172.16.100.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 100 parent interface: em0


And this work some time (1 hour or 2) but then all vlan stop work and ping looks like this
Code:
ping 172.16.100.52

Code:
ping: sendto: invalid argument


Code:
netstat -rn

Code:
172.16.100.1    link#34            UHLW          0        0 vlan100
....
172.16.100.254    link#34            UHLW          0        0 vlan100

I need to use this because in local network somebody arp spoof or it is a virus.
This is the log when spoofing is active.
Code:
Sep 19 19:37:29 router kernel: arp: 172.16.24.155 moved from 00:0f:ea:3b:34:91 to 00:0f:ea:f6:c3:de on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.183 moved from 00:0f:ea:3b:34:91 to 00:11:5b:7a:85:c5 on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.192 moved from 00:0f:ea:3b:34:91 to 00:02:2a:e1:e8:bf on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.218 moved from 00:0f:ea:3b:34:91 to 00:19:e0:13:cb:ee on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.220 moved from 00:0f:ea:3b:34:91 to 00:14:2a:84:be:94 on vlan11
Sep 19 19:37:29 router kernel: arp: 172.16.24.231 moved from 00:0f:ea:3b:34:91 to 00:0f:ea:c1:7e:41 on vlan11

Why this does not work? Why disappear route to hosts in vlan? Why arp table refresh when interface cofigured to use static record IP-MAC?
This is my topics
http://forum.lissyara.su/viewtopic.php?f=8&t=11136&p=110421&hilit=Борьба#p99856
http://www.opennet.ru/openforum/vsluhforumID1/82574.html
PS. Sorry for bad english.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 10,108
Messages: 35,583

I need to use this because in local network somebody arp spoof or it is a virus.
Maybe you should fix the problem instead of the symptoms?
 
OP
B

blackjack

Member

Reaction score: 2
Messages: 23

It is impossible. In local network 854 clients. I can`t go to every client and control his computer.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 10,108
Messages: 35,583

blackjack said:
It is impossible. In local network 854 clients. I can`t go to every client and control his computer.

Not impossible.. We have 60.000 workstations.. It takes a bit of networking-fu to trace it through all the routers and switches. But in the end you'll know the switch and the port. After that it's just a matter of following the cable :D
 

tbyte

Active Member

Reaction score: 3
Messages: 119

But there is still a problem, the thing he is doing should work.
 

Alt

Aspiring Daemon

Reaction score: 82
Messages: 726

I create file /etc/staticarp/static.mac with IP adderss and mac address of local clients like this:
Code:

172.16.100.30 00:1d:0f:c4:10:ad pub
Try records without "pub":
172.16.100.30 00:1d:0f:c4:10:ad
This option dont worked for me when i used same technique.
 

Alt

Aspiring Daemon

Reaction score: 82
Messages: 726

man arp
If the word pub is given,
the entry will be ``published''; i.e., this system
will act as an
ARP server, responding to requests for hostname even though the
host address is not its own.
Тоесть при использовании параметра pub шлюз начинает отвечать *вместо* данного айпишника. Отсюда и изменеия адресов. У меня было что при использовании ее начинались конфликты у абонентов.. Вобщем то что ты хочешь, с pub неработает=) А вообще, я так делал(без пуба) и должно работать....
Может у тебя по крону интерфейсы пересоздаются или рестартятся както?
 
OP
B

blackjack

Member

Reaction score: 2
Messages: 23

Ну попробую еще раз. Пусть так и будет. Если не будет работать, значит у меня карма плохая :)
 

bsdfunn

New Member


Messages: 14

ipguard - tool designed to protect LAN IP adress space by ARP spoofing.

ipguard listens network for ARP packets. All permitted MAC/IP pairs listed in 'ethers' file. If it recieves one with MAC/IP pair, which is not listed in 'ethers' file, it will send ARP reply with configured fake address. This will prevent not permitted host to work properly in this ethernet segment.


http://ipguard.deep.perm.ru/
 
Top