Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCP static ARP new column, what is it?

    2.1 Snapshot Feedback and Problems - RETIRED
    5
    8
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xbipin
      last edited by

      i see recently the dhcp server page has a new column for static arp for all the clients listed below in the static dhcp table, can some1 tell me what does it actually do?

      suppose if a entry in table is there with static arp ticked and deny unknown client ticked, will the client get the same ip as listed, if so then what does ticking static arp do additional?
      does it mean even if client manually feeds in another ip in his machine from same range but not the one that hes locked to, he wont be able to communicate?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        This feature is there since at least 1.0

        Yes if you enable static ARP then only the devices with the correct MAC/IP pair in the list below will be able to communicate with the pfSense.
        They won't be able to communicate if they change their MAC, their IP or aren't on the list.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • B
          bardelot
          last edited by

          @GruensFroeschli
          xbipin was referring to the new individual static arp entries introduced around a week ago in commit:25c1ebd5cb2a358477e81c30b5e73719a94e1107

          @xbipin
          If "Enable Static ARP entries" is selected, the additional individual static arp is not used.

          1 Reply Last reply Reply Quote 0
          • X
            xbipin
            last edited by

            ok got it, i tried it using this, my tablet mac id/ip listed in list with static arp ticked and deny unknown clients ticked, by default it gets ip 0.15 so i manually set it to 0.14, internet connection went down for it but its able to communicate with local lan pcs, wireless is bridged to lan so could it be some bug or its intended this way?

            1 Reply Last reply Reply Quote 0
            • B
              bardelot
              last edited by

              The static arp is only used for communication between the router and the client, not for the communication between the clients.

              1 Reply Last reply Reply Quote 0
              • X
                xbipin
                last edited by

                but in this case its through the router only, tablet is wifi and PC on Ethernet

                1 Reply Last reply Reply Quote 0
                • N
                  NOYB
                  last edited by

                  It simply makes a static entry in the ARP table for that client.

                  
                  mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac']));
                  
                  

                  The GitHub commit can be viewed here:
                  https://github.com/bsdperimeter/pfsense/commit/25c1ebd5cb2a358477e81c30b5e73719a94e1107

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis
                    last edited by

                    With WiFi and LAN bridged, the pfSense software is not going to be examining the detail of packets between WiFi and LAN. It will simply be forwarding packets back and forth between the 2 interfaces,  so that they look like one. It will only be when pfSense talks to the client itself that the static ARP comes into play.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.