> I keep getting these messages in my system log and my client PCs can't
> connect to the application on the "wan" side of the firewall.
> /kernel: arp: 192.168.103.23 moved from 00:00:0c:07:ac:06 to
> 00:0d:28:13:53:f7 on sis1
> My monowall is setup very simple. No rules for inbound, standard
> on NAT, no traffic shaping, no proxy arp setup. I do have a large
> network on the LAN side 192.168.0.0 /16. I have searched the archives
> but no luck.
I seriously doubt if this is a proxy ARP issue. And I'd be surprised if
this is related to your problem at all. You see messages like these
when an IP changes from one NIC to another (hence the MAC change).
If this were a WAN interface giving the messages, I'd say it was your
ISP's router failing over to another NIC (I've seen poorly configured
failover on Cisco gear hop interfaces, and hence MAC addresses
repeatedly and generate messages such as this).
In this instance, that particular IP is being assigned to a different
network card prior to it timing out in m0n0's ARP cache (FreeBSD
standard timeout is 5 minutes, IIRC, I'd assume m0n0 is the same). Or
somebody is spoofing MAC addresses.
This is an internal network issue, and definitely something I'd
investigate as this is a sure indicator of something weird going on on
your LAN, but on to your problem.
By "application on the 'wan' side of the firewall", what exactly do you
mean? Possibly this: http://m0n0.ch/wall/docbook/faq-lannat.html ?
This electronic transmission is intended for the addressee or entity indicated above. It may contain
information that is privileged, confidential, or otherwise protected from disclosure. Any review,
dissemination or use of this transmission or its contents by persons other than the addressee is
prohibited. If you have received this transmission in error, we respectfully request that you notify
us immediately and erase all copies of this transmission. Thank You.