1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Sys log flooded with "arp: 00:25:90:44:11:e7 attempts to modify permanent entry"

Sys log flooded with "arp: 00:25:90:44:11:e7 attempts to modify permanent entry"

  • wgstarks

    I'm seeing this entry flooding my system log-

    Jan 22 17:09:09	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:09:40	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:11	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:41	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:12	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:42	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:08	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:13	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1

    10.0.1.20 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?

    0
  • Derelict
    LAYER 8 Netgate

    So find the permanent ARP entry there and delete it if that is not what you want.

    Usually in the DHCP static mapping as attached.

    I have been doing this a long time and have never needed to use a static ARP entry. It's usually easier to just fix whatever conditions exist to make it "necessary."

    ![Screen Shot 2018-01-22 at 3.53.05 PM.png](/public/imported_attachments/1/Screen Shot 2018-01-22 at 3.53.05 PM.png)
    ![Screen Shot 2018-01-22 at 3.53.05 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-01-22 at 3.53.05 PM.png_thumb)

    0
  • Derelict
    LAYER 8 Netgate

    That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

    Diagnostics > Packet Capture for ARP on that interface and see what you see.

    0
  • wgstarks

    Thanks. I set a reserved IP for en-0 on the unraid server and then bonded en-0 and en-1. I'm sure that's what is causing this problem. The MAC address shown in the log entry is for en-1 on the unraid server.

    Just to be sure I've got it right, I just need to uncheck the ARP Table Static Entry option?

    0
  • wgstarks

    @Derelict:

    That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

    Diagnostics > Packet Capture for ARP on that interface and see what you see.

    No. I think this is caused by my own ignorance.  :D

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy