Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ARPwatch flip-flops on WAN interface

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 3 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Or something else is using WAN IP. Though if that were the case I'd expect to see log entries complaining about it in the main system log.

      Steve

      D 1 Reply Last reply Reply Quote 0
      • D
        deanfourie @stephenw10
        last edited by

        @stephenw10 yes, that's what Arpwatch is reporting.

        It's actually the IP address of the upstream gateway changing, not pfSense which in my case is a Huawawei 4G router.

                    hostname: <unknown>
          ip address: 192.168.1.1
    ethernet address: 82:49:99:43:53:92
     ethernet vendor: <unknown>
old ethernet address: cc:e8:ac:92:53:43
old ethernet vendor: <unknown>
           timestamp: Thursday, February 23, 2023 8:27:41 +0000
  previous timestamp: Thursday, February 23, 2023 8:27:28 +0000
               delta: 13 seconds
        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Your WAN IP address is 192.168.1.1? Not the gateway? That's unlikely.

          D 1 Reply Last reply Reply Quote 0
          • D
            deanfourie @stephenw10
            last edited by

            @stephenw10 no, my WAN upstream gateway.

            D 1 Reply Last reply Reply Quote 0
            • D
              deanfourie @deanfourie
              last edited by

              @deanfourie I have a 4G router which is my incoming internet connect to pfSense via ethernet which is setup as a WAN upstream gateway. Public IP address is on the 4G router, pfSense obtains a private IP address as its WAN address from the 4G router.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @deanfourie
                last edited by

                @deanfourie so your 4g device which is at 192.168.1.1, and pfsense gets some IP 192.168.1.X (not 1) and .1 mac address changes. or there is something else on this same network.

                You have a cable that plugs from this device to pfsense wan? There is no switch between with other devices, or switch ports on this device your plugging pfsense into.

                If there are multiple devices that say their IP is 192.168.1.1 - ie your seeing 2 macs for this same IP. Not sure what pfsense is suppose to do about it. Pfsense is just reporting that the mac for this IP is changing..

                That 82:49 mac I can not find what maker that is.. that cc:e8 mac shows as..

                
Company
    SOYEA Technology Co.,Ltd.
Address
    hangzhou zhejiang 310007
    Jiaogong Rd.No.1
    CHINA
Range
    CC:E8:AC:00:00:00 - CC:E8:AC:FF:FF:FF
Type
    IEEE MA-L

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                D 1 Reply Last reply Reply Quote 0
                • D
                  deanfourie @johnpoz
                  last edited by

                  @johnpoz yes this is an isolated network, no switch in between and no way someone could connect on the 1 network unless they physically plugged into the 4g router and set a static IP of 1.1.

                  This is strange

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @deanfourie
                    last edited by

                    @deanfourie so it has more ports.. Does it have wifi.. What is the specific make and model of this device?

                    If it has multiple lan switch ports - did you try plugging into a different port.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Run a packet capture, see if you can get any traffic from the alternative MAC to find out what it is.

                      If the 4G router is doing any sort of bridging it might have more than one MAC.

                      D 1 Reply Last reply Reply Quote 0
                      • D
                        deanfourie @stephenw10
                        last edited by

                        @stephenw10 yea the WAN 4G router should no be doing any bridging as it is not in bridged mode.

                        I'll run a cap next time, I might have actually grabbed a cap I'll check

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.