This post was written by TechRepublic member jdclyde.
I recently moved away from wireless Internet at work because it dropped regularly, even without bad weather. The cable modem I switched to has a five IP block, and I installed a SonicWall TZ190. The email does a NAT to the same address as the SonicWall, so when people try to authenticate, they don’t see it going to an address other than where it originated. A Web server does a NAT to the address at the far end of the block. Everything works like a dream, but only for about 20 minutes. Then access to the last four IPs drops.
After much troubleshooting and packet captures, I discovered the problem — Address Resolution Protocol (ARPs) from the IP provider. The ARPs to the first address (the SonicWall) comes from the gateway (cable modem LAN port). The ARPs for the other four come from the WAN port of the cable modem, which is on a different (10dot) network. The cable company goes from their gateway to the Internet to an internal 10dot network, and then back to a real IP for the LAN of the gateway and your network block.
Background communications on a LAN are done by the MAC address, and they are determined by ARP requests. If the target is not on the LAN, then it goes to the gateway and uses the IP address. The SonicWall is smart enough to know that ARP is a LAN-only protocol, so it DROPS the ARP requests coming from the 10dot network. After 20 minutes of cycling the firewall, the ARPs timeout and the four IPs go dead.
I worked with the cable company for about a week, and they basically said, “Tough beans. That’s how the modem works, and we have no control over that.”
What was my solution? I programmed in an exception to allow ARPs from the 10dot network. This is just one more thing to watch for as more and more people switch to cable modems for affordable Internet.