I'm not sure about the sluggish issue, but the other issue of running out of IP addresses, if you have more devices than you have IP addresses, and too many offline devices are holding leases, then you need to reduce the lease length to a value that allows those leases expire in a timely fashion.

I can't begin to list the ways that setting the MACs the same for both adapters is a bad idea…

It may be dhcpd abuse, but the problem's resolved thanks to cmb's reply; everything working just fine the same way it has for years :)

Jon

Take a look at this link:

https://forum.pfsense.org/index.php?topic=82852.msg453980#msg453980

And you can use HE and search for any particular host IPs:

IE-

http://bgp.he.net/search?search[search]=facebook&commit=Search

Phil,

thanks again. Makes sense. I didn't think of the fact that if packets are switched on the switch, pfsense is not involved. I'll look at the switch then.

And as for point 2. –> strange. Where could I look for more details on hosts connected?

Take care,
0lek

I am getting something that sounds very much like this.  Next time it happens I will check the same logs to see if the same thing is happening.

The 192.168.100.x that the cable modem is giving out is actually due to the connection on the cable interface being down.  The cable modem (specifically motorolla) will 'unbridge' when the cable connection is down and then give out an IP in the above subnet.  You do not need to do anything usually, once the cable connection comes backup, it will register the pfsense wan interface 'mac address' to the dhcp server on the cable network and update the ip adress to the current wan ip given by the cable companies dhcp forwarder.

I'd leave it on all since thats what mine is set for and working fine like forever.

Interesting stuff. I think a number of us would be interested in that discussion in public, no need to switch to PM. The General Discussion board always open for completely OT topics.

No it would not be a unicast offer, and no it wouldn't be multicast either.. Offers can not be unicast, since the client does not have an IP yet ;)

An offer would be to 255.255.255.255 dest port 67..  Now if your working with relays then sure stuff can happen over unicast during the relay.

I had a feeling that was the answer, so I just changed the TLD to .lan and it's all good now.  Thanks!

"I don't know if you understand my problem."

Not really.. not able to access a url quite often is dns related.  What is the URL?  Is this some dynamic fqdn pointing to pfsense wan IP??

Yea got the pcap…

Its from a DHCP offer malformed packet...where I didnt make the request. Sent on the broadcast (cable modem ISP) that hit my box.

Still investigating. Wrote some suricata rules, motitoring and capturing more...

F.

boa noite  aconteceu  a mesma  coisa comigo  também  tive  de  fazer  a restauração  do  bkp  para voltar  mas  agora  tudo  funcionado.

Thanks for the response!

I do have DHCP leases registered in DNS, will have to check the system log and gateways log - not able to at the moment.  I do know that clearing the DHCP log (which restarts DHCP) stops the incessant reading of /etc/hosts for a while.