Windows 2k arp table problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

In my LAN there are 2 gateway. One is for DSL 192.168.2.253 with a firewall
attached and one is for leased line conneted to another site 192.168.2.254.
My problem is most of my user's PC will use DHCP and have 192.168.2.253 as
the gateway since we are not allow every user has the internet access rights.
So i can set the internet access rights restriction through the firewall.
But recently I found out that some of my user manully input 1.1.1.1 as the
default gateway and their PC also gets into the internet from 192.168.2.254
which is conneted to other site. And the fake default gateway will obtained
the same MAC address from the Cisco which is 192.168.2.254. I tried in W2k
and XP both have the same result. I have tried to solve it for more than 2
weeks now.. and still don't have any hint at all..... Can anyone help...???

Thx in advance!!

C:\Documents and Settings\Ricky>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : cvr-mis-06
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast
Ethernet

Physical Address. . . . . . . . . : 00-0A-EB-2C-FB-CF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 1.1.1.1
DNS Servers . . . . . . . . . . . : 192.168.2.4

C:\Documents and Settings\Ricky>route print
=====================================================
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 0a eb 2c fb cf ...... NDIS 5.0 driver

=====================================================

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 1.1.1.1 192.168.2.242 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.242 192.168.2.242 1
192.168.2.242 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.2.255 255.255.255.255 192.168.2.242 192.168.2.242 1
224.0.0.0 224.0.0.0 192.168.2.242 192.168.2.242 1
255.255.255.255 255.255.255.255 192.168.2.242 192.168.2.242 1
Default Gateway: 1.1.1.1
=====================================================
Persistent Routes:
None

C:\Documents and Settings\Ricky>arp -a

Interface: 192.168.2.242 on Interface 0x1000003
Internet Address Physical Address Type
1.1.1.1 00-0d-65-ab-61-47 dynamic
192.168.2.254 00-0d-65-ab-61-47 dynamic

C:\Documents and Settings\Ricky>tracert www.yahoo.com

Tracing route to www.yahoo.akadns.net [216.109.117.205]
over a maximum of 30 hops:

1 15 ms <10 ms <10 ms 192.168.2.254
2 <10 ms 15 ms 16 ms 10.114.28.45
3 15 ms 32 ms 31 ms 10.114.1.218
 
Hi,

When a Cisco router (thinks it) has the best route to some
destination, in can proxy-arp for that destination, that is, reply
with its MAC address to any arp for any address to that destination.
192.168.2.254 has the best route for 1.1.1.1, hence its reply and the
ARP entry in the PC.
"best route" = a route not going back through network 192.168.2.0.

So either you disable proxy-arp with the following command on Cisco
no ip proxy-arp
if that suites you, or you get the routes right in both routers.
As all routers on a lan must normally have the same view of the
routes, the thing to do is to run a routing protocol such as OSPF or
RIP (best is V2) to tell their routes one to the other.
And then, a 192.168.2.x host sending a packet to the wrong router will
receive an ICMP redirect that will change its mind towards the other.
Hosts on 192.168.2.0 can run the RIP listener service to get the
correct routing table, and their destination outright.
Of course, only one router must have a default route or any other
route, at least, you must manage for only one router to announce each.

Hoping it will help (sure it will if you understood).
Just passing by this group, any thanks are best e-mailed.

André.


In my LAN there are 2 gateway. One is for DSL 192.168.2.253 with a firewall
attached and one is for leased line conneted to another site 192.168.2.254.
My problem is most of my user's PC will use DHCP and have 192.168.2.253 as
the gateway since we are not allow every user has the internet access rights.
So i can set the internet access rights restriction through the firewall.
But recently I found out that some of my user manully input 1.1.1.1 as the
default gateway and their PC also gets into the internet from 192.168.2.254
which is conneted to other site. And the fake default gateway will obtained
the same MAC address from the Cisco which is 192.168.2.254. I tried in W2k
and XP both have the same result. I have tried to solve it for more than 2
weeks now.. and still don't have any hint at all..... Can anyone help...???

Thx in advance!!

C:\Documents and Settings\Ricky>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : cvr-mis-06
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast
Ethernet

Physical Address. . . . . . . . . : 00-0A-EB-2C-FB-CF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 1.1.1.1
DNS Servers . . . . . . . . . . . : 192.168.2.4

C:\Documents and Settings\Ricky>route print
=====================================================
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 0a eb 2c fb cf ...... NDIS 5.0 driver

=====================================================

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 1.1.1.1 192.168.2.242 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.242 192.168.2.242 1
192.168.2.242 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.2.255 255.255.255.255 192.168.2.242 192.168.2.242 1
224.0.0.0 224.0.0.0 192.168.2.242 192.168.2.242 1
255.255.255.255 255.255.255.255 192.168.2.242 192.168.2.242 1
Default Gateway: 1.1.1.1
=====================================================
Persistent Routes:
None

C:\Documents and Settings\Ricky>arp -a

Interface: 192.168.2.242 on Interface 0x1000003
Internet Address Physical Address Type
1.1.1.1 00-0d-65-ab-61-47 dynamic
192.168.2.254 00-0d-65-ab-61-47 dynamic

C:\Documents and Settings\Ricky>tracert www.yahoo.com

Tracing route to www.yahoo.akadns.net [216.109.117.205]
over a maximum of 30 hops:

1 15 ms <10 ms <10 ms 192.168.2.254
2 <10 ms 15 ms 16 ms 10.114.28.45
3 15 ms 32 ms 31 ms 10.114.1.218
Click to expand...
 
You people over there are amazingly hard to understand.
I gave that guy with an invalid e-mail address a full, knowledgeable
solution to his problem in his own language and there is no single
word in return.

Hi,

When a Cisco router (thinks it) has the best route to some
destination, in can proxy-arp for that destination, that is, reply
with its MAC address to any arp for any address to that destination.
192.168.2.254 has the best route for 1.1.1.1, hence its reply and the
ARP entry in the PC.
"best route" = a route not going back through network 192.168.2.0.

So either you disable proxy-arp with the following command on Cisco
no ip proxy-arp
if that suites you, or you get the routes right in both routers.
As all routers on a lan must normally have the same view of the
routes, the thing to do is to run a routing protocol such as OSPF or
RIP (best is V2) to tell their routes one to the other.
And then, a 192.168.2.x host sending a packet to the wrong router will
receive an ICMP redirect that will change its mind towards the other.
Hosts on 192.168.2.0 can run the RIP listener service to get the
correct routing table, and their destination outright.
Of course, only one router must have a default route or any other
route, at least, you must manage for only one router to announce each.

Hoping it will help (sure it will if you understood).
Just passing by this group, any thanks are best e-mailed.

André.


In my LAN there are 2 gateway. One is for DSL 192.168.2.253 with a firewall
attached and one is for leased line conneted to another site 192.168.2.254.
My problem is most of my user's PC will use DHCP and have 192.168.2.253 as
the gateway since we are not allow every user has the internet access rights.
So i can set the internet access rights restriction through the firewall.
But recently I found out that some of my user manully input 1.1.1.1 as the
default gateway and their PC also gets into the internet from 192.168.2.254
which is conneted to other site. And the fake default gateway will obtained
the same MAC address from the Cisco which is 192.168.2.254. I tried in W2k
and XP both have the same result. I have tried to solve it for more than 2
weeks now.. and still don't have any hint at all..... Can anyone help...???

Thx in advance!!

C:\Documents and Settings\Ricky>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : cvr-mis-06
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast
Ethernet

Physical Address. . . . . . . . . : 00-0A-EB-2C-FB-CF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 1.1.1.1
DNS Servers . . . . . . . . . . . : 192.168.2.4

C:\Documents and Settings\Ricky>route print
=====================================================
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 0a eb 2c fb cf ...... NDIS 5.0 driver

=====================================================

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 1.1.1.1 192.168.2.242 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.242 192.168.2.242 1
192.168.2.242 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.2.255 255.255.255.255 192.168.2.242 192.168.2.242 1
224.0.0.0 224.0.0.0 192.168.2.242 192.168.2.242 1
255.255.255.255 255.255.255.255 192.168.2.242 192.168.2.242 1
Default Gateway: 1.1.1.1
=====================================================
Persistent Routes:
None

C:\Documents and Settings\Ricky>arp -a

Interface: 192.168.2.242 on Interface 0x1000003
Internet Address Physical Address Type
1.1.1.1 00-0d-65-ab-61-47 dynamic
192.168.2.254 00-0d-65-ab-61-47 dynamic

C:\Documents and Settings\Ricky>tracert www.yahoo.com

Tracing route to www.yahoo.akadns.net [216.109.117.205]
over a maximum of 30 hops:

1 15 ms <10 ms <10 ms 192.168.2.254
2 <10 ms 15 ms 16 ms 10.114.28.45
3 15 ms 32 ms 31 ms 10.114.1.218
Click to expand...
Click to expand...
 
Back
Top