On Sun, Dec 09, 2001 at 11:50:50AM -0500, Peter Mancuso wrote:
> >Of course ed0 and rl0 are connected to different physical networks, rigth ?
> 
> yes, ed0 is my subnet gateway as  192.168.1.1/24  , 192.168.1.2 is the only 
> machine using it to get out to the net via rl0
> 
> >This means that another machine, on the network connected to rl0, use
> >192.168.1.2 as address. It's not your fault.
> >(if you want you can find the machine using its hardware address)
> 
> that makes sence.....rl0 is connected to internet cable service...so do the 
> errors(replies not from the expected interface) happen with normal internet 
> use on 192.168.1.2, or is someone intentionaly trying to converse with a 
> computer on my subnet?

Hi Pete, 

Let's just say your kernel can't know about someone's intention. ;)

Let's also assume Manuel is right and that your kernel is telling the
truth: there is a 192.168.1.2 on rl0 for good or ill.  

I think you might be able to fix the problem with IPF.  At least, I
can think of an experiment that will teach us something.  Try
prepending this line to your ipf.conf:

	block in quick on rl0 from 192.168.0.0/16 to any
	
That can't do any harm and it might just work.

Questions to the world:  Do cable modem networks create private
virtual circuits to the "central office" as it were?  If Pete's rl0
were in promiscuous mode, could he see his neighbors' traffic?  And
do the terms of service with his provider include the commandment,

"Thou shalt not covet thy neighbor's traffic?"

--jkl