PfSense responding to 192.168.1.1 after LAN & WAN changed



  • As per the title, my PfSense 2.3.1 is still responding to pings on 192.168.1.1 after LAN changed to 192.168.123.x and WAN is 192.168.0.253

    Cannot find 192.168.1.1 in the Arp Table or anywhere else.  Any ideas what might be causing this ?

    Pete



  • It won't respond to IPs that don't exist on the system. Likely you have something else on 192.168.1.1. Possible the former IP ended up not being removed for some reason, can double check ifconfig to see. If it's not in ifconfig output, it's not that device answering.



  • Thats exactly what I thought.  I did a wireshark capture on a local PC while pinging the IP, and it seems to show the responder as the MAC address of PfSense Lan NIC.  Then running "arp -a" on the same PC or on pfsense shows nothing listed.

    Also checked the config.xml file, but cannot find any reference to this IP.


  • Rebel Alliance Global Moderator

    well quick test to make sure its pfsense or not, unplug pfsense lan from your network ;)  Does it still get answered?  If your showing an answer from that mac, then it would be in your clients arp table if on the same layer 2.

    But pfsense might be sending it out its wan, and something upstream could be answering.  If that is the case then yeah you would show mac of pfsense lan as the answering mac..

    That would be my guess to what is happening.

    perfect example of this is me pinging my cable modem management IP

    ping 192.168.100.1

    Pinging 192.168.100.1 with 32 bytes of data:
    Reply from 192.168.100.1: bytes=32 time=26ms TTL=63
    Reply from 192.168.100.1: bytes=32 time=1ms TTL=63
    Reply from 192.168.100.1: bytes=32 time<1ms TTL=63
    Reply from 192.168.100.1: bytes=32 time=1ms TTL=63

    my pfsense wan is public..  But I can still access my cable modem via that rfc1918 address since pfsense wan is directly connected to it.  If something on your wan answering - sniff on pfsense wan and find the mac that is answering.  It might be showing your gateway on your that network, but then you would know its something else upstream.