Thursday, February 01, 2007

Arp! Rarp! Arp!

Do you know what ARP is? It, or rather a firewall and associated router's improper handling of the protocol, is what kept me from working on my happy little wall.

The upshot? I got to spend an extra four hours at work! Yeah! Exciting! Whoo! I love building address tables by hand! Really! I (don't) mean it!

Want to know what makes it better? The fact that I can summarize a large portion of my day with the following:

Manually configured static ARP entries are only needed when you are trying to NAT to an external IP address in the same network block as a secondary IP (non-primary) address on the firewall’s (or other security appliance’s) public interface. If the IP addresses needed for static NAT are in the same network block as the primary address on the public interface, then you will probably not need to add these manual entries.

See? It looks just like English! Hell, it even passes the spell check! That is actually from my “just in case I get squished by a bus” notes for the day.

Sad.

Anyway, I also got to field strip (complete disassembly!) my beloved little Dell laptop (Yeah SUSE!) and replace a bad motherboard. That was about as much fun as taking the still-full food dish away from a starving wolverine with distemper.

Stupid firewall. Silly Router. Odd choice in careers.

So yeah, I’m fried. Cooked. Toast, even.

I promised to update people on what I’ve been doing lately. The short answer is that I’ve been building stuff.

Like walls. (Walls are stuff.)

And, like wall units. (Assembly is building.)

So, this weekend, I get to finish the walls, then do plumbing.

But now, I’m going to bed. It has been a very long day.

3 Comments:

At 8:02 AM, Blogger The Guy Who Writes This said...

Hint, use a wider blade with the mud on the wall.

 
At 11:35 PM, Anonymous Anonymous said...

Why dont you just use OPenBSd's Carp.
Its free and the documentation is good

 
At 1:28 PM, Blogger Tom said...

Guy- I usually do. The sad thing? What is in the picture is the very first bit of mud- to cover screws and hold up the tape.

I'm a slacker.

Anon- because this is just a temporary configuration during the rollover to the new circuits. When finished, we'll tie our primary and redundant circuits using OSPF.

The more you can do at layer 2....

Plus, I'm tossing this firewall for a Juniper-based solution. Had enough of silly issues like this.

 

Post a Comment

<< Home