Excessive bogon leading to interface down
-
I'm on 2.8b:
2.8.0-BETA (amd64) built on Tue Apr 29 9:27:00 EDT 2025 FreeBSD 15.0-CURRENT
Twice today my WAN interface went down. Looking in the logs I see something like this:
This goes on for quite a while.
LAN is :fa, WAN is :fb.
Not sure where this is coming from or why it suddenly started.
Taking down and bringing back up the WAN interface gets things back online. Seems to be happening roughly hourly.
-
Also noteworthy:
I was trying to figure out what 172.17.1.43 is other than something from within pfSense. I see this virtual IP created:
possibly an artifact of something I did ages ago and mostly removed, dates back to at least 2017 looking at backups, so no idea why this suddenly is a thing.
-
I assume you do not have "Disable bogons" set in arpwatch? Was that ever set?
But also 172.17.x.x should not be a bogon. Do you see it in the bogons table in Diag > Tables?
-
stephenw10 moved this topic from General pfSense Questions
-
@stephenw10 I didn't have "Disable bogons" set now or ever based on checking some backups.
Didn't think to check Diag > Tables. I did see it in Routes.
I've since deleted that Virtual IP and so far things have been stable. Still monitoring.
-
@stephenw10 said in Excessive bogon leading to interface down:
But also 172.17.x.x should not be a bogon.
172.17.x.x will be considered a bogon by arpwatch if the packet arrives on an interface and the address is outside the native network of the interface (I.E. the interface network is 192.168.1.1/16 or some such).
Arpwatch has two ways to deal with this. The first way is the -n flag, which allows adding additional local networks. This would make sense when using virtual IP addresses, but this option is not exposed in the pfSense Arpwatch package interface. The second way is the -N option, which disables all bogon reporting. This option is exposed in the package as "Disable bogons", and I would always recommend enabling this option.
FWIW, ANDwatch (replacement for Arpwatch) doesn't care about bogons at all.
-
@dennypage said in Excessive bogon leading to interface down:
Arpwatch has two ways to deal with this. The first way is the -n flag, which allows adding additional local networks. This would make sense when using virtual IP addresses, but this option is not exposed in the pfSense Arpwatch package interface. The second way is the -N option, which disables all bogon reporting. This option is exposed in the package as "Disable bogons", and I would always recommend enabling this option.
Great info, which I wish was in the UI to be honest. It's not clear how "bogons" are interpreted for internal network interfaces.
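
The bogon rule dennypage describes above, as an added example that is not part of the thread and is not arpwatch's own code: a simplified Python model of how an ARP sender address outside the interface's native network gets reported, and how the -n and -N options change the result. The /24 mask on the 172.17.1.x network, the MAC addresses and the sample observations are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Interface address/prefix taken from the example in the thread.
IFACE = "192.168.1.1/16"

# Constructed ARP sightings (sender IP, sender MAC); not real log data.
OBSERVATIONS = [
    ("192.168.44.7", "02:00:00:00:00:01"),
    ("172.17.1.43",  "02:00:00:00:00:fa"),
    ("172.17.1.43",  "02:00:00:00:00:fa"),
    ("10.9.8.7",     "02:00:00:00:00:02"),
    ("172.17.1.43",  "02:00:00:00:00:fa"),
]

def is_bogon(sender_ip, iface_cidr, extra_nets=(), disable_bogons=False):
    """Simplified model: a sender is a bogon when it lies outside every
    network considered local to the interface it was seen on."""
    if disable_bogons:                      # models -N / "Disable bogons"
        return False
    ip = ipaddress.ip_address(sender_ip)
    # The interface's own network, derived from its address and prefix.
    local = [ipaddress.ip_interface(iface_cidr).network]
    # Additional local networks, as supplied with -n.
    local += [ipaddress.ip_network(n, strict=False) for n in extra_nets]
    return not any(ip in net for net in local)

def bogon_report(observations, iface_cidr, **opts):
    """Count how often each (ip, mac) pair would be reported as a bogon."""
    hits = Counter(
        (ip, mac) for ip, mac in observations
        if is_bogon(ip, iface_cidr, **opts)
    )
    return dict(hits)

if __name__ == "__main__":
    print("default:", bogon_report(OBSERVATIONS, IFACE))
    # Assumed /24 for the virtual IP's network; the thread does not give a mask.
    print("with -n:", bogon_report(OBSERVATIONS, IFACE,
                                   extra_nets=["172.17.1.0/24"]))
    print("with -N:", bogon_report(OBSERVATIONS, IFACE, disable_bogons=True))
```

Declaring the extra network removes only the virtual IP's reports, while the disable option suppresses every report, including the unrelated 10.9.8.7 sender.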