ARP cache listing every network/broadcast address

  • I run 4 separate pfSense firewalls at work. They are all set up to do fairly different jobs on different parts of the network. One of them which I've recently set up routes traffic between our 2 Internet connections and many LANs and VLANs. No NAT, just routing two /24s of public IP addresses.

    I'm not sure this is a problem, but can anyone think why this pfSense would be listing every network and broadcast address in its ARP cache? I've never seen another pfSense firewall do this.

    For example, here's a portion of the output of "arp -an" on this firewall:

    ? (x.x.x.15) at ff:ff:ff:ff:ff:ff on dc0 permanent [ethernet]
    ? (x.x.x.16) at ff:ff:ff:ff:ff:ff on vlan28 permanent [vlan]
    ? (x.x.x.18) at 00:06:25:74:f6:96 on vlan28 [vlan]
    ? (x.x.x.19) at 00:06:25:99:44:d5 on vlan28 [vlan]
    ? (x.x.x.23) at 00:12:17:e6:8e:33 on vlan28 [vlan]
    ? (x.x.x.31) at ff:ff:ff:ff:ff:ff on vlan28 permanent [vlan]
    ? (x.x.x.40) at ff:ff:ff:ff:ff:ff on vlan27 permanent [vlan]
    ? (x.x.x.42) at 00:30:6e:2d:10:42 on vlan27 [vlan]
    ? (x.x.x.43) at ff:ff:ff:ff:ff:ff on vlan27 permanent [vlan]

    I can't see that it's causing any problems (yet) but it just struck me as not normal so I'm wondering if anyone can shed any light on it :)
    At first I thought it was maybe something to do with this instance of pfSense being installed on a Nokia IP330, on which the MAC addresses for the 3 on-board NICs default to ff:ff:ff:ff:ff:ff but that doesn't make sense, because pfSense is clever and automatically spoofs them with auto-generated MAC addresses. Hmmmm!
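An added example (not from the post above, and not pfSense's own tooling) that parses FreeBSD-style `arp -an` output and sorts the entries the post is asking about into expected and worth-a-look buckets. It assumes a constructed sample of ARP lines on the documentation range 192.0.2.0/24 (the post's addresses are masked), a hypothetical map of interface names to their /28 subnets, and one heuristic: a `permanent` entry with MAC `ff:ff:ff:ff:ff:ff` that sits exactly on a subnet's network or broadcast address is treated as an expected kernel entry, while any other entry resolving to the broadcast MAC (a host address, or a non-permanent entry) is flagged for review.

```python
import ipaddress
import re

# Constructed sample of "arp -an" output in FreeBSD format (not the post's data,
# which used masked x.x.x addresses). 192.0.2.0/24 is a documentation range.
SAMPLE_ARP_OUTPUT = """\
? (192.0.2.16) at ff:ff:ff:ff:ff:ff on vlan28 permanent [vlan]
? (192.0.2.18) at 00:06:25:74:f6:96 on vlan28 [vlan]
? (192.0.2.19) at 00:06:25:99:44:d5 on vlan28 [vlan]
? (192.0.2.31) at ff:ff:ff:ff:ff:ff on vlan28 permanent [vlan]
? (192.0.2.42) at 00:30:6e:2d:10:42 on vlan27 [vlan]
? (192.0.2.47) at ff:ff:ff:ff:ff:ff on vlan27 permanent [vlan]
? (192.0.2.44) at ff:ff:ff:ff:ff:ff on vlan27 [vlan]
? (192.0.2.100) at 00:11:22:33:44:55 on vlan27 [vlan]
"""

# Hypothetical interface addressing: each VLAN interface carries one /28.
INTERFACE_SUBNETS = {
    "vlan28": ipaddress.ip_network("192.0.2.16/28"),
    "vlan27": ipaddress.ip_network("192.0.2.32/28"),
}

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# One ARP line: "? (ip) at mac on iface [permanent|expires ...] [type]"
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}|\(incomplete\)) "
    r"on (?P<iface>\S+)(?P<flags>.*)\[(?P<type>\w+)\]$"
)


def parse_arp_line(line):
    """Return a dict for one arp -an line, or None if the line does not match."""
    m = ARP_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ip": ipaddress.ip_address(m["ip"]),
        "mac": m["mac"].lower(),
        "iface": m["iface"],
        "permanent": "permanent" in m["flags"],
        "type": m["type"],
    }


def classify(entry, subnets=INTERFACE_SUBNETS):
    """Label an entry using the heuristic described in the lead-in."""
    net = subnets.get(entry["iface"])
    if net is None:
        return "unknown-interface"
    if entry["ip"] not in net:
        return "off-subnet"
    on_edge = entry["ip"] in (net.network_address, net.broadcast_address)
    if entry["mac"] == BROADCAST_MAC:
        if entry["permanent"] and on_edge:
            # Expected: kernel-installed entry for the subnet's network/broadcast address.
            return "expected-network-or-broadcast"
        # A host address (or a learned entry) resolving to the broadcast MAC: review it.
        return "host-with-broadcast-mac"
    if on_edge:
        # A unicast MAC claiming the network or broadcast address: review it.
        return "unicast-mac-on-edge-address"
    return "normal"


def audit(arp_output, subnets=INTERFACE_SUBNETS):
    """Parse a whole arp -an dump; returns a list of (ip, iface, label)."""
    findings = []
    for line in arp_output.splitlines():
        entry = parse_arp_line(line)
        if entry is None:
            continue
        findings.append((str(entry["ip"]), entry["iface"], classify(entry, subnets)))
    return findings


def summarize(findings):
    """Count findings per label."""
    counts = {}
    for _, _, label in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, iface, label in audit(SAMPLE_ARP_OUTPUT):
        print(f"{ip:16} {iface:8} {label}")
    print(summarize(audit(SAMPLE_ARP_OUTPUT)))
```

On the constructed sample, the three `permanent` broadcast-MAC entries land on the /28 network and broadcast addresses and are reported as expected, while 192.0.2.44 (a host address resolving to `ff:ff:ff:ff:ff:ff` without the `permanent` flag) and 192.0.2.100 (outside the interface's subnet) are the two lines an operator would actually want to look at. Feed it `arp -an` from a real box by replacing the sample string and the subnet map.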
