Netgate Discussion Forum

    Sys log flooded with "arp: 00:25:90:44:11:e7 attempts to modify permanent entry"

    • wgstarks

      I'm seeing this entry flooding my system log-

      Jan 22 17:09:09	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:09:40	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:10:11	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:10:41	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:11:12	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:11:42	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:12:08	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      Jan 22 17:12:13	kernel		arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
      

      10.0.1.20 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?

      Box: SG-4200

      • Derelict LAYER 8 Netgate

        So find the permanent ARP entry there and delete it if that is not what you want.

        Usually in the DHCP static mapping as attached.

        I have been doing this a long time and have never needed to use a static ARP entry. It's usually easier to just fix whatever conditions exist to make it "necessary."

        ![Screen Shot 2018-01-22 at 3.53.05 PM.png](/public/imported_attachments/1/Screen Shot 2018-01-22 at 3.53.05 PM.png)

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • Derelict LAYER 8 Netgate

          That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

          Diagnostics > Packet Capture for ARP on that interface and see what you see.

          • wgstarks

            Thanks. I set a reserved IP for en-0 on the unraid server and then bonded en-0 and en-1. I'm sure that's what is causing this problem. The MAC address shown in the log entry is for en-1 on the unraid server.

            Just to be sure I've got it right, I just need to uncheck the ARP Table Static Entry option?

            Box: SG-4200

            • wgstarks

              @Derelict:

              > That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.
              >
              > Diagnostics > Packet Capture for ARP on that interface and see what you see.

              No. I think this is caused by my own ignorance.  :D

              Box: SG-4200
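
An added example, not part of the thread or any poster's code: a small triage script for the kernel message discussed above. It groups conflicts by IP, interface and claiming MAC, then separates the two explanations raised in the replies (a static ARP entry that pins a different MAC of the same host, versus an unknown MAC claiming the address). The `HOST_MACS` inventory and the last sample log line are constructed assumptions.

```python
import re
from collections import Counter

# FreeBSD kernel message format, as shown in the thread's system log.
ARP_RE = re.compile(
    r"arp: (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) attempts to modify "
    r"permanent entry for (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

def summarize(log_text):
    """Count conflicts per (ip, interface, claiming MAC)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if m:
            counts[(m["ip"], m["iface"], m["mac"].lower())] += 1
    return counts

def triage(counts, host_macs):
    """host_macs maps ip -> set of every MAC known to belong to that host."""
    findings = []
    for (ip, iface, mac), n in sorted(counts.items()):
        if mac in host_macs.get(ip, set()):
            verdict = "known NIC of this host; static ARP entry pins another MAC"
        else:
            verdict = "unknown MAC; capture ARP on the interface"
        findings.append((ip, iface, mac, n, verdict))
    return findings

MSG = "attempts to modify permanent entry for 10.0.1.20 on em1"
# First three lines are copied from the first post. The last line is
# constructed, with a made-up MAC, to exercise the unknown-MAC branch.
SAMPLE_LOG = "\n".join([
    f"Jan 22 17:09:09\tkernel\t\tarp: 00:25:90:44:11:e7 {MSG}",
    f"Jan 22 17:09:40\tkernel\t\tarp: 00:25:90:44:11:e7 {MSG}",
    f"Jan 22 17:10:11\tkernel\t\tarp: 00:25:90:44:11:e7 {MSG}",
    f"Jan 22 17:12:30\tkernel\t\tarp: 02:00:00:00:00:01 {MSG}",
])
# Assumed inventory: the thread identifies this MAC as en-1 of the unRAID server.
HOST_MACS = {"10.0.1.20": {"00:25:90:44:11:e7"}}

if __name__ == "__main__":
    for row in triage(summarize(SAMPLE_LOG), HOST_MACS):
        print(*row, sep="  ")
```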
