In pfsense arp entries are not populating in arp table for some host machines
-
In pfsense arp entries are not populating in "arp table" for some host machines, due to which internet is not working on the hosts which have a DHCP-assigned IP address.
When I give a static IP address to the host, the internet is working and the arp entry of that host is also getting populated in the arp table.
-
This stuff should work automatically without any intervention. I got both DHCP and static and never a problem. U got something going on in there that's unknown to us. Did this EVER work? Problem since day#1?
When the registration time runs out, the MAC would indeed disappear from the ARP table but as soon as traffic is initiated again on that IP, the ARP registration should again establish, immediately, behind your back, wo any intervention. Ur not working, u did something.
-
If you're getting dhcp from pfsense, are you saying you can not ping pfsense? And the client can not arp for pfsense IP?
What is pfsense IP on this network? What dhcp settings does the dhcp client get?
If you're saying it works with static, but doesn't work with dhcp but client gets dhcp, then that points to a different dhcp server pointing to a different gateway or something.
But without more info not possible to help you figure out what is wrong. Post up some details, arp table from client when working. Arp table from client and IP info when not working, etc.
-
In pfsense arp entries are not populating in "arp table" for some host machines. due to which internet is not working on the host, which have DHCP assigned an IP address.
when I give a static IP address to the host, the internet is working and arp entry of that host is also getting populated in arp table.
????
Arp entries are normally found in the arp tables of devices that have had communications with. That is if computer A contacts B, then A will be in B's arp cache and B will be in A's cache. Also, arp entries expire after a while, so there's a good chance there will not be an arp cache entry anywhere for a device. Try pinging another computer and see if there is an arp entry in that device. It should make no difference whether you use DHCP or static addresses, so long as it's a valid address for the network.
-
Thanks for all your replies.
Let me explain my scenario: we have pfsense acting as a firewall/gateway and DHCP server.
subnet:-192.x.x.0
Subnet mask:-255.255.255.0
DHCP address range is x.x.x.10 to x.x.x.200
From x.x.x.201 to x.x.x.254 i am using them as static IPs for some other devices/hosts
Gateway address x.x.x.1
ISP DNS 202.56.230.2/7
–--------------------------------------------------------------------
Firstly when a host is connected to the network it got IP x.x.x.176 assigned but no internet and unable to ping gateway and 8.8.8.8
Host IP:-x.x.x.176
gateway IP:-x.x.x.1
The one more thing in "Status > DHCP Leases" is showed status "offline" and lease type "active" and
in "Diagnostics > ARP Table" there was not an entry for this IP and MAC address.
Next when I assigned a static IP x.x.x.222 to same host, now it was able to ping gateway & global DNS and internet was working.
Now "Status > DHCP Leases" is showed status "online" and lease type "static" and
In "Diagnostics > ARP Table" there were entries of this IP and MAC address mappings.
So I have captured packets in pfsense in 2 phases, first on the DHCP assigned IP and next on the statically assigned IP, and attached the wireshark screen shots. One thing I observed: the complete DHCP-DORA process was not happening on the dynamic DHCP IP.
This was not happening from the beginning and it is there for 20 to 30 machines only, not for all; it was there for some new laptops also.
-
subnet:-192.x.x.0
Subnet mask:-255.255.255.0
DHCP address range is x.x.x.10 to x.x.x.200
From x.x.x.201 to x.x.x.254 i am using them as static IPs for some other devices/hosts
Gateway address x.x.x.1
ISP DNS 202.56.230.2/7
–--------------------------------------------------------------------
Firstly when a host is connected to the network it got IP x.x.x.176 assigned but no internet and unable to ping gateway and 8.8.8.8
x.x.x make answering impossible or at least not accurate
Know that a billion people use exactly the same non-routable 192.x.x.x - so no need to hide them.
We all have (on planet earth) these same 192.168.1.0/24
Addresses are important, they work closely with ARP messages.
You have a pretty impossible problem, I advise you to play the game without hiding your cards ;)
-
^ exactly!!! The only thing hiding rfc1918 points to is someone that just doesn't get how any of this works..
-
Holy Moly this is old. Did anyone ever discover what the problem was? You guys beat this cat up for not displaying his rfc1918 number. Anyway same deal here. WIFI in AP mode. No DHCP, NAT, or DNS running on it. Get IP addresses to wifi clients, but not registered in PF's ARP table. Not routing available. Checked main routes in PF, simple /24 pointing to correct int.. Not sure what to say, but.. One laptop works but I believe it's because I have a static DHCP entry in for it. Any advice would be awesome..
-
@gabe-negate said in In pfsense arp entries are not populating in arp table for some host machines:
, but not registered in PF's ARP table
Most likely then your AP sending its mac? You can not talk to anything without a mac..
For a client to get a dhcp from a dhcp clearly pfsense knows its mac, because it sends the dhcp offer to that mac..
If you want help figuring out what is going on - like with this really OLD thread, you're going to actually have to provide some info.. But devices do not, can not talk to each other.. it is not possible for a device to get an IP from a dhcp server without the server knowing the mac address of the client, etc..
-
Hey thanks. In terms of the IP address, and MACs. Perhaps let me explain a bit more. The AP is in AP mode, therefore it doesn't respond to BOOTP (DHCP), doesn't provide DNS of any sort, and certainly doesn't use NAT. If NAT were on and in Global Nat config, it would send the one MAC to the PFSense. I've also gone as far as testing with the WIFI router's uplink not being used and simply using the switch on the WIFI router.
Also, I ran the AP as a regular router, with the one NAT'ed address on the external WAN side; this worked fine, but again I can't see the individual WIFI connected devices by IP address in the PFSense firewall logs, therefore I don't want to do it this way.
It would seem that it's sort of what you're saying in that ARP updates are not reaching the PFSense. In terms of DHCP responses, the PFSense is successfully sending DHCP IP schemas (I can see the custom addresses being assigned), and the WIFI does have an ARP function where you can successfully see the WIFI connected nodes are indeed receiving IP addresses in the correct block that the PFSense is configured to do. I also made sure to put a rule under the WIFI int to specifically allow the adjacent AP's IP address to talk to it.
-Works when I add static DHCP to MAC addresses entries in the DHCP setting of the PFSense.
-All rules are logging but they're very basic right now.
-PFSense is running DHCP, NAT, NTP, and DNS
-The resolver is a default config
-The order of devices is like this <WIFI CLIENT> ----> <WIFI AP> -------> <PFSENSE WIFI NET INTERFACE> ---> <WAN>
-Routing tables are all populated by directly connected networks (correctly)
-Routing table shows aggregate CIDR block populated and pointing to the correct WIFI interface
-Default route is correct
For whatever reason the PFSense is not getting the ARP updates; I have tried this with two routers (granted they were both the same manufacture). I have tried this in AP mode, and Router mode. Router mode updates the PFSense only with its own MAC, so that works fine.
DHCP does provide IP addresses, and while an IP address is not required for a MAC to exist on a network, the process by which an IP address is assigned may propagate the MAC address to the directly connected devices in the local broadcast domain, at the very least it would to the device assigning the IP address. However the finite details of that process occur, this is where it's breaking.
Another test I did was to put the WIFI device in router mode, then disable NAT; I used DHCP on the WIFI router to assign IP's in the same block as the external block, therefore having them route contiguously. The last test will be to do the same thing, but this time add a static route in the PFSense to push the aggregate block to the WIFI router. I say that because in router mode, the broadcast domain is broken, therefore the PFSense wouldn't know about the IPs behind the WIFI router VIA ARP. This should alleviate the need to have ARP entries propagate to/in the PFSENSE, it would simply route the traffic to the WIFI router based on the CIDR route in the table.
Hopefully someone's seen this before. Any help is appreciated.
Best,
Gabe
-
@gabe-negate seen what? You haven't provided any info - other than YOUR assessment of what you believe is going on.. AP can sometimes use their own mac vs the clients mac..
WIFI router to assign IP's in the same block as the external block,
That will never work...
So lets see pfsense arp cache.. What IP did it assign your client? Do an arp ping, ping it - does it show in the arp cache? Does the client see the mac of pfsense? What is in its arp cache?
Are these correct - maybe you have a duplicate IP problem? Does anything in the arp cache show incomplete vs the mac assigned to the IP?
arping is an addon package you can add to pfsense. Will be under diagnostic menu, if you added it. But a ping to the IP, and then looking in the arp cache is another way... You could also just sniff on your interface while you ping and see if you're getting back an arp; when an IP is not in the arp cache, then an arp has to go out for it to be able to send a ping or any other traffic.
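-
The checks asked for in the last reply (missing or incomplete ARP entries, a MAC that differs from the lease, one MAC answering for several clients) can be run over pasted `arp -an` output, as in this added example, which is not part of the thread. The addresses, MACs, interface name and lease list are constructed sample data, and the finding labels are invented for the example.

```python
import re
from collections import defaultdict

# Matches FreeBSD/pfSense `arp -an` lines such as:
# ? (192.168.1.1) at 02:00:00:00:00:01 on em1 permanent [ethernet]
ARP_LINE = re.compile(
    r"\((\d+\.\d+\.\d+\.\d+)\) at (\(incomplete\)|[0-9a-f]{2}(?::[0-9a-f]{2}){5}) on \S+",
    re.IGNORECASE)

# Constructed sample data (not from the thread): ARP table and DHCP leases.
SAMPLE_ARP = """\
? (192.168.1.1) at 02:00:00:00:00:01 on em1 permanent [ethernet]
? (192.168.1.176) at (incomplete) on em1 expired [ethernet]
? (192.168.1.50) at 02:00:00:00:00:aa on em1 expires in 1100 seconds [ethernet]
? (192.168.1.51) at 02:00:00:00:00:aa on em1 expires in 900 seconds [ethernet]
"""
SAMPLE_LEASES = [("192.168.1.176", "02:00:00:00:00:76"),
                 ("192.168.1.50", "02:00:00:00:00:50"),
                 ("192.168.1.51", "02:00:00:00:00:AA"),
                 ("192.168.1.60", "02:00:00:00:00:60")]

def parse_arp(text):
    """Return {ip: mac}, with mac=None for (incomplete) entries."""
    table = {}
    for ip, mac in ARP_LINE.findall(text):
        table[ip] = None if mac.startswith("(") else mac.lower()
    return table

def audit(leases, arp_text):
    """Flag leases whose ARP state is missing, incomplete or inconsistent."""
    arp, findings = parse_arp(arp_text), []
    for ip, lease_mac in leases:
        if ip not in arp:
            findings.append((ip, "no-arp-entry"))   # never answered or entry aged out
        elif arp[ip] is None:
            findings.append((ip, "incomplete"))     # request sent, no reply seen
        elif arp[ip] != lease_mac.lower():
            findings.append((ip, "mac-mismatch"))   # duplicate IP or AP substituting its MAC
    by_mac = defaultdict(list)
    for ip, mac in arp.items():
        if mac is not None:
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:                            # several clients behind one MAC
            findings.append((mac, "shared-mac:" + ",".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    for subject, kind in audit(SAMPLE_LEASES, SAMPLE_ARP):
        print(f"{subject:20} {kind}")
```

A `shared-mac` finding is only a lead: a device that legitimately holds several addresses produces it too, so confirm against the client's own interface MAC.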