pfsense 2.4.5p1 bug: arp: 172.24.0.1 moved from xx to yy on vtnet0
-
I don't know why this appear in our system log
Aug 31 10:14:27 kernel arp: 172.24.0.1 moved from d8:d3:85:d7:9b:4a to 00:26:55:e4:86:69 on vtnet0 Aug 31 10:14:33 kernel arp: 172.24.0.1 moved from 00:26:55:e4:86:69 to d8:d3:85:d7:9b:4a on vtnet0
d8:d3:85:d7:9b:4a is correct.
00:26:55:e4:86:69 is mac address of vtnet2 on our pfsense but our configuration don't use 172.24.0.1 as gateway in pfsense. The gateway is 172.24.0.16 on vtnet0.
I don't why pfsense reply arp 00:26:55:e4:86:69 for 172.24.0.1 (my local server address).Extra infomation.
vtnet2 is a trunk link with multi vlan include vlan 1 (config on switch). I create multiple vlan on vtnet2 but I don't use vlan 1.
vtnet0 is access link (vlan 1) -
That's almost certainly not a bug in pfSense. It's logging that because it sees arp replies showing it.
Run a packet capture on vtnet0 and see what's actually on there.
You might have something leaking broadcast packets for example.
Steve
-
@stephenw10 I use tcpdump and see vtnet2 return arp for 172.24.0.1. But in my pfsense config don't have any interface or VIP use this ip. That like a bug.
-
It would be elsewhere. Check the MAC address to see what device it's coming from.
-
Mmm what is vtnet2 here? A virtual interface or something passed through?
That's an HP MAC address. Something sharing it?
Steve
-
@stephenw10 said in pfsense 2.4.5p1 bug: arp: 172.24.0.1 moved from xx to yy on vtnet0:
hing passed through?
That's an HP MAC address. Something sharing it?I use passed though mode. Nothing share this interface.
That happen only one or two times per hour. -
@huamulanmushu said in pfsense 2.4.5p1 bug: arp: 172.24.0.1 moved from xx to yy on vtnet0:
I use passed though mode.
What do you mean by "mode". Arp can't come from anything beyond a router, as it isn't even IP.
-
@JKnott I use KVM. vtnet2 is virtual interface that is directly attach to real interface using passthrough mode (KVM). And I also check MAC table on switch. This arp is come from vtnet2, not other port.