I have an 8.0.4 release x64 running with dual NICs, one dedicated for iSCSI communication with two servers on a closed 10.10.10.x network (no gateway) and the other NIC on a user LAN 192.168.10.x for Windows shares, management, etc. I've got Active Directory setup and working with a DC on the 192.168.10.x LAN. The problem is my firewall keeps tripping with spoof alerts that the 10.10.10.2 address of the FreeNAS is showing up on the 192.168.10.x LAN with the MAC address of the FreeNAS 192.168.10.x interface. The traffic is NetBIOS port 137 going to a backup DC on another LAN!
Here's the network summary:
And the spoof message from my Sonicwall which is 192.168.10.1 is:
04/20/2012 09:52:09.736 - Alert - Intrusion Prevention - IP spoof dropped - 10.10.10.2, 137, X0 - 192.168.3.242, 137, X2 - MAC address: 00:18:8b:3a:36:a9
I have confirmed with ifconfig that the MAC address shown is infact that of the 192.168.10.x NIC of the FreeNAS.
1) Why would FreeNAS be trying to get to my backup DC on another LAN? The DC configured for Active Directory is on the local 192.168.10.x LAN.
2) How do I stop it from trying to do it from the 10.10.10.x interface and use the 192.168.10.x instead if it really does need to talk to the backup DC? (there is more than one DC on the local 192.168.10.x LAN!)
I don't know if this is a new problem, I've been using FreeNAS for a while, and I've only just started seeing the Alerts since upgrading to a newer Sonicwall model.