Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    arpresolve: can't allocate llinfo for 192.168.100.1

    Scheduled Pinned Locked Moved General pfSense Questions
    24 Posts 8 Posters 6.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrsunfire
      last edited by

      Since I've upgraded my cable modem to a new one, I get this message under system logs after I receive a public IPv4 address. The old modem shortly disconnects the WAN interface after it was syncing with ISP and received a IPv4 address and everything works fine without any error logs. The new modem doesn't disable the WAN interface and gets a new IP adress instant. Then the system log is flooded with this.

      I've searched everything on the net but there was no solution for me. How can I do a static ARP entry without DHCP? Because on WAN I don't have a DHCP server running. WAN is set to DHCP client mode. Anything new on this?

      Unbenannt.JPG

      Netgate 6100 MAX

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        What is 192.168.100.1? The modem management IP?

        Is it handing that IP to pfSense before it syncs with the provider?

        You can reject leases from that if so in the DHCP client setup.

        Steve

        1 Reply Last reply Reply Quote 0
        • L
          lordmundi
          last edited by

          I know this is an old post, but I'm getting the same flood of messages in my system->general log saying "arpresolve: can't allocate llinfo for 192.168.100.1 on mvneta2". The 192.168.100.1 is my cable modem plugged into the WAN port. I can get to 192.168.100.1 from my LAN network (which is on 192.168.0.x), so it is connecting to it. How do I get this flood of messages to the general log (about 2 per second) to stop? I'm running a Netgate SG-3100 and the 2.4.5-RELEASE built on Tue Mar 24.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Is it the modem management IP or the main cable gateway IP? Is that address the gateway for pfSense?

            That message implies it is not able to create an arp entry for it because pfSense does not have an interface in that subnet. Which would be unlikely if it;s the gateway IP.

            Steve

            1 Reply Last reply Reply Quote 0
            • L
              lordmundi
              last edited by

              no, it's the modem management IP. If I go to that IP inside my LAN it resolves and shows me the configuration and status web page for the modem.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by stephenw10

                Ok, well something is trying to hit it. Does pfSense have an interface configured in that subnet? Or a VIP maybe?

                If not try adding one so it can add the ARP entry. It's unusual that you'd be able to reach the modem mgmt page without that though.

                Steve

                1 Reply Last reply Reply Quote 0
                • L
                  lordmundi
                  last edited by

                  hmm... yeah, i don't recall a single thing set up on the 192.168.100.x subnet.

                  So, I'm not experienced with VIPs. I'll have to do some reading. Thanks.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    https://docs.netgate.com/pfsense/en/latest/interfaces/accessing-modem-from-inside-firewall.html

                    Though that really only applies to PPPoE connections. Just add a VIP on the WAN for a DHCP connection.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • M
                      mrsunfire
                      last edited by mrsunfire

                      I sill have the same issue, but only if the cable modem restarts and sends via DHCP the 192.168.100.1. After it boots up and receives a public IP adress, this message appears. If I shortly unplug the modem for a second BEFORE it gets a public IP adress this message does not appear.
                      I'm not happy with this, because if the modem getting restartet because of DOCSIS fail, my log is flooded with this message if I'm not at home at this moment.

                      I have configured a firewall rule on LAN because of dual WAN so that I always use the gateway of this interface to reach the modem, even if it's DOCSIS is offline.
                      Don't know if this might be the problem?

                      Unbenannt.JPG

                      I think the only solution is that this flooding is getting stopped. The log should show only one of these entries, that's it. But unfortunately I can't configure this or even disable this to be logged.

                      Netgate 6100 MAX

                      1 Reply Last reply Reply Quote 0
                      • H
                        HG
                        last edited by

                        I don't know which modem you have, but I read in another forum that e.g. there is a TC4400 firmware version that has exactly the bug that is doesn't respond to ARP requests on LAN side after the cable connection is established. Maybe also other modems have this bug. The proposed solution there was to add a static ARP entry for the LAN address of the cable modem. I have the TC4400 but with another firmware without this bug, so unfortunately I cannot tell how to do this with pfSense.

                        M 1 Reply Last reply Reply Quote 0
                        • H
                          HG
                          last edited by HG

                          Another thing that just came into my mind, but it's basically what stephenw10 mentioned above: With my modem, I had to add a NAT rule to be able to access the management interface after is has established the cable connection:

                          97316b06-9eca-49a0-98e9-ad3f72a97758-image.png

                          OPT1 is the interface with the cable modem. Ignore the WAN part, that's for the management interface of my DSL modem, I have dual WAN, too.

                          And I have of course a virtual IP:

                          7147dc5b-3e04-43dc-b728-d71524491551-image.png

                          1 Reply Last reply Reply Quote 0
                          • chpalmerC
                            chpalmer
                            last edited by chpalmer

                            If 192.168.100.1 is outside the LAN(s) of your pfsense router then it will happily send any request to 192.168.100.1 out the WAN port at which time the cable modem will happily answer. There is no configuration needed on pfsense to allow this or make it happen other than its default setup.

                            https://docs.netgate.com/pfsense/en/latest/interfaces/accessing-modem-from-inside-firewall.html states "The firewall is typically assigned a public IP, and sends all outbound traffic upstream to the ISP." This statement ignores the fact that the cable modem is listening on that address and answers locally. The cable modem will still answer on that address even if no cable is connected. Of coarse if any kind of tunnel or encapsulation is being used then you have to adjust things up a bit. A dsl modem used on an ISP that does not require PPPoe or PPPoa will generally answer without any additional setup as well though this is a rare option.

                            pfsense will forward any address outside of its subnets to the WAN port.

                            Look at these pings. One to the modem interface and one to my ISP gateway. Note that the gateway is further away than the modem.

                            C:\Windows\System32>ping 192.168.100.1

                            Pinging 192.168.100.1 with 32 bytes of data:
                            Reply from 192.168.100.1: bytes=32 time=2ms TTL=63
                            Reply from 192.168.100.1: bytes=32 time=1ms TTL=63
                            Reply from 192.168.100.1: bytes=32 time=2ms TTL=63
                            Reply from 192.168.100.1: bytes=32 time=1ms TTL=63

                            Ping statistics for 192.168.100.1:
                            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                            Approximate round trip times in milli-seconds:
                            Minimum = 1ms, Maximum = 2ms, Average = 1ms

                            C:\Windows\System32>ping 24.xx.3x.1

                            Pinging 24.113.35.1 with 32 bytes of data:
                            Reply from 24.xx.3x.1: bytes=32 time=10ms TTL=63
                            Reply from 24.xx.3x.1: bytes=32 time=9ms TTL=63
                            Reply from 24.xx.3x.1: bytes=32 time=10ms TTL=63
                            Reply from 24.xx.3x.1: bytes=32 time=13ms TTL=63

                            Ping statistics for 24.xx.3x.1:
                            Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                            Approximate round trip times in milli-seconds:
                            Minimum = 9ms, Maximum = 13ms, Average = 10ms

                            I would be curious what model cable modems this is happening with?

                            Triggering snowflakes one by one..
                            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                            H 1 Reply Last reply Reply Quote 0
                            • H
                              HG @chpalmer
                              last edited by HG

                              @chpalmer My experience with the Technicolor TC4400 SR70.12.33-180327 is that I can only access the management interface with the NAT and Virtual IP while it is connected to the ISP. It works without the NAT rule if there is no ISP connection. The Virtual IP was always needed, because the WAN interface gets it IP address via DHCP so it has no IP address at all without the connection to the ISP. With the connection to the ISP, the WAN interface gets its public IP via DHCP.

                              chpalmerC 1 Reply Last reply Reply Quote 0
                              • M
                                mrsunfire @HG
                                last edited by mrsunfire

                                @HG said in arpresolve: can't allocate llinfo for 192.168.100.1:

                                I don't know which modem you have, but I read in another forum that e.g. there is a TC4400 firmware version that has exactly the bug that is doesn't respond to ARP requests on LAN side after the cable connection is established. Maybe also other modems have this bug. The proposed solution there was to add a static ARP entry for the LAN address of the cable modem. I have the TC4400 but with another firmware without this bug, so unfortunately I cannot tell how to do this with pfSense.

                                I can confirm this. I have a TC4400 with .33 firmware without this issue, because the modem resets the interface after bootup. With my .41 firmware, I have this bug, because the interface doesn't get shutdown after boot.

                                How to set a static arp?

                                @HG said in arpresolve: can't allocate llinfo for 192.168.100.1:

                                @chpalmer My experience with the Technicolor TC4400 SR70.12.33-180327 is that I can only access the management interface with the NAT and Virtual IP while it is connected to the ISP. It works without the NAT rule if there is no ISP connection. The Virtual IP was always needed, because the WAN interface gets it IP address via DHCP so it has no IP address at all without the connection to the ISP. With the connection to the ISP, the WAN interface gets its public IP via DHCP.

                                In my case I don't need a virtual IP adress to access the TC4400 (with or without public IP). If it's not connected to the ISP, starts to deliver a 192.168.100.10 IP by DHCP. After this happened and the pubic IP returned, then this error shows up. If I disable to get a private IP from the modem I don't get this error but also I can't connect the WebGUI of the modem without a connection to ISP.

                                Netgate 6100 MAX

                                H 2 Replies Last reply Reply Quote 0
                                • chpalmerC
                                  chpalmer @HG
                                  last edited by

                                  @HG said in arpresolve: can't allocate llinfo for 192.168.100.1:

                                  My experience with the Technicolor TC4400 SR70.12.33-180327 is that I can only access the management interface with the NAT and Virtual IP while it is connected to the ISP.

                                  That is a limitation of that particular modem model.

                                  Triggering snowflakes one by one..
                                  Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    HG @mrsunfire
                                    last edited by HG

                                    @mrsunfire said in arpresolve: can't allocate llinfo for 192.168.100.1:

                                    How to set a static arp?

                                    Unfortunately, I don't know how to do it permanently, and I have no real experience with it, but you could try first manually by executing "arp -S 192.168.100.1 xx:xx:xx:xx:xx:xx" (replace xx:xx:xx:xx:xx:xx with the modem's MAC address) on the command line to see if it really helps.

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      mrsunfire
                                      last edited by

                                      On DHCP server site I can configure static arp but on client site I don't think so. Maybe by command. I will give it a try next week and will update you guys. Thanks so far.

                                      Netgate 6100 MAX

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        HG @mrsunfire
                                        last edited by

                                        @mrsunfire said in arpresolve: can't allocate llinfo for 192.168.100.1:

                                        If it's not connected to the ISP, starts to deliver a 192.168.100.10 IP by DHCP.

                                        Maybe I remembered incorrectly and that was probably also the case in my setup and I added the virtual IP together with the NAT.

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Did any of you try adding a VIP on the WAN in the modem mgmt subnet?

                                          W 1 Reply Last reply Reply Quote 0
                                          • M
                                            mrsunfire
                                            last edited by

                                            What do you mean by this? I now added a Virtual IP for WAN (192.168.100.2) and will see if this helps. Before that I didn't have any VIP or NAT only a outbound firewall rule on LAN.

                                            Netgate 6100 MAX

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.