Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wierd IP conflict with two devices in one network

    General pfSense Questions
    4
    5
    526
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • SipriusPTS
      SipriusPT
      last edited by SipriusPT

      Hello everyone,

      I have two devices battleing each other in one network, but I really dont know why, because each device have their own IP's reserved in DHCP server (in this case Firewall B).

      In both Firewalls, I am using arpwatch to detect in real time all IP conflicts that may occur, where in this case I am receiving tons of notifications with flipflops being done in Arp table for those two devices in Firewall B 10.0.10.0/24 network:

                  hostname: <unknown>
          ip address: 10.0.10.20
    ethernet address: 24:a2:e1:e7:60:c0
     ethernet vendor: Apple, Inc.
old ethernet address: b8:78:2e:33:94:2d
 old ethernet vendor: Apple, Inc.
           timestamp: Tuesday, July 28, 2020 12:21:23 +0100
  previous timestamp: Tuesday, July 28, 2020 12:21:09 +0100
               delta: 14 seconds

      But in DHCP server I have:

      9c0fc5cb-44aa-4d32-a252-b0c6ddb7f409-image.png

      Network diagram before moving that Time Capsule to 10.0.10/0/24 where that Apple TV was already installed:

      7fecb5cd-f98a-4477-9985-eb8d7a827ec1-image.png

      I really dont know why this is happening.

      Anyone knows?

      Note: If you need more info feel free to ask.

      Thanks in advance!

      1xSG-4860-1U
      1xSG-3100
      2xpfSense Virtual Machines

      JKnottJ 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Why would the time capsule, living on network 10.0.0.0/24 attribute itself an IP from the 10.0.10.0/24 network ? Does the time capsule contains some route info, so it can "talk" to the DHCP server on 10.0.10.0/24 ?

        Firewall A and Firewall B have a DHCP running on their LAN ? Set up ok ?
        All devices are using DHCP, right ?

        When the VPN tunnel is taken down, the issue is gone ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @SipriusPT
          last edited by

          @SipriusPT

          Is one DHCP server supporting both networks? Do you have a DHCP relay somewhere?

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The time capsule was moved to the other subnet.

            Do you see it trying to pull a DHCP lease?

            I would run a packet capture filtered by the time capsules MAC address and see what's actually happening. It seems likely it's failing to get a lease and re-using it's previous address.

            Steve

            1 Reply Last reply Reply Quote 0
            • SipriusPTS
              SipriusPT
              last edited by SipriusPT

              Sorry for the delayed answer.

              @Gertjan That diagram is just to represent how it was before I change Time Capsule from that Site A to Site B, now both devices are in 10.0.10.0/24. The idea that I tried to pass it was to show you that it was indeed two differente physical NICs per device.

              Both Firewalls, have DHCP servers in place, but 10.0.0.0/24 uses WS DHCP server, and all of those are working properly for months/years.

              In 10.0.10.0/24, there is at least one device with a local setup IP (10.0.10.6). But not signed for those two IPs, and I have already changed from static to dynamic IPs in DHCP server but got the same result.

              Its like both devices have been assigned with the same IP, but it was not, so I really dont know why its happeaning.

              After 3 days being massively spammed by arpwatch, it stops, Time Capsule using the right IP.

              Since I am not physically present in that site, I can only assume that someone have turned off that Apple TV.

              @stephenw10 I have made that several times. I didnt made any sniff attempt, but next time I will have to do it, because it wasnt normal.

              If I got this issue again, I will let you know, even if I find the reason for this to happean.

              Thank you all for the help, always appreciated!

              1xSG-4860-1U
              1xSG-3100
              2xpfSense Virtual Machines

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.