Netgate Discussion Forum

    Rogue machine using gateway ip as the static ip

    DHCP and DNS
    • trumee

      Hello,

      If a machine sets up a static IP that is the same as the gateway/DHCP IP of the pfSense, the network falls apart. pfSense reports:

      arp: xx:xx:xx:xx:xx:7a is using my IP address 192.168.9.1 on lagg0.400!
      

      Is there a way to block any machine which sets up such a static ip?

      I tried to enable "Enable Static ARP entries" in the DHCP server settings, but that did not make a difference.

      • bingo600 @trumee

        @trumee
        You have 3 options as I see it.

        1: Block the MAC address in your "configurable switch", where the rogue PC is connected.
        2: Identify the switch port where the PC is connected, and shut it down.
        3: Identify the rogue PC, call the person, and reconfigure the IP address.

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

        • bmeeks @trumee

          @trumee said in Rogue machine using gateway ip as the static ip:

          Hello,
          Is there a way to block any machine which sets up such a static ip?

          One thing folks new to networking often fail to remember is that the firewall has zero control over local network traffic in a segment. So on your LAN, for example, if device A wants to talk with device B on the same subnet, the firewall is completely out of the picture and powerless to control the behavior of either device A or device B. Same thing applies in your case with a device "stealing" the IP of the firewall. Nothing the firewall can do but complain in its logs (which it did). It is then up to the human to find the offender and cut him off (using the suggestions from @bingo600).

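Since the firewall can only log the conflict, the log line is the starting point for finding the offender on the switch. The following is an added example, not part of the original thread: it pulls the offending MAC, the claimed IP and the interface out of the kernel message quoted in the first post and counts repeats. The BSD-style syslog prefix, host name and MAC addresses in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# Kernel message format as quoted in the thread:
#   arp: <mac> is using my IP address <ip> on <interface>!
# Assumption: each line starts with a BSD-style syslog timestamp ("Mar  3 10:15:01").
CONFLICT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"arp: (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) is using my IP address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<iface>[\w.]+)!",
    re.IGNORECASE,
)

# Constructed sample lines (host name, MACs and the second VLAN are made up).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: arp: 02:00:00:aa:bb:7a is using my IP address 192.168.9.1 on lagg0.400!
Mar  3 10:15:02 fw dhcpd[123]: DHCPACK on 192.168.9.50 to 02:00:00:11:22:33 via lagg0.400
Mar  3 10:15:31 fw kernel: arp: 02:00:00:AA:BB:7A is using my IP address 192.168.9.1 on lagg0.400!
Mar  3 10:20:10 fw kernel: arp: 02:00:00:cc:dd:01 is using my IP address 192.168.20.1 on lagg0.500!
"""

def find_ip_conflicts(log_text):
    """Group duplicate-IP kernel messages by (interface, claimed IP, offending MAC)."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = CONFLICT_RE.search(line)
        if not m:
            continue  # unrelated log line
        # Normalise MAC case so the same host is not counted twice.
        key = (m["iface"], m["ip"], m["mac"].lower())
        rec = hits[key]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(hits)

def report(conflicts):
    """One line per offender, most frequent first, to take to the switch MAC table."""
    rows = sorted(conflicts.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"{iface} {ip} claimed by {mac}: {r['count']}x ({r['first']} .. {r['last']})"
        for (iface, ip, mac), r in rows
    ]

if __name__ == "__main__":
    print("\n".join(report(find_ip_conflicts(SAMPLE_LOG))))
```

The interface name in each result (for example a VLAN on a lagg) tells you which VLAN's MAC address table to search on the switch for the reported MAC.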