On Sun, Mar 11, 2001 at 06:13:29AM -0000, Tyler Mitchell wrote:
> This isn't really a "problem" as such, just a nuisance.  For
> some time now, I have had a computer running NetBSD, acting as a
> firewall/NAT.  I recently began receiving messages such as:
> 
> Mar  9 15:18:53 ffpl-gw /netbsd: 10:00:5a:ba:bb:66 on ne1 tried
> to overwrite arp info for 192.168.0.1 on lo0
> Mar  9 15:21:08 ffpl-gw last message repeated 5 times
> Mar  9 15:38:53 ffpl-gw last message repeated 12 times
> 
> "ne1" is the NIC that connects to our upstream provider.  I
> assume that there is a computer over there (a switch or router
> maybe) that is broadcasting ARP entries.  Here is my ifconfig:

Well, it seems that someone on your upstream provider network has a strange
network config (maybe it connected the modem to a HUB instead to directly
to a host, and has both private network and provider network on this
hub). You could try to see which IP has 10:00:5a:ba:bb:66 with 'arp -a'. 
I'm not sure how to stop this, this would require filtering at ethernet level
rather than IP level; something that we can't do yet.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--