ARP Table and Internet Issue

yupq6wlc79ts · Dec 29, 2021, 11:39 AM

Hopefully someone can help me here please. I have had pfSense for a while now and been successfully using it.

Very recently, my desktop wouldn't connect to internet with yellow icon on Ethernet (symbol) at the bottom-right of the screen (but everything else connects to the internet). I troubleshooted it and everything seemed ok but no internet.

After checking, what I was able to discover is that, for my desktop, there are multiple entries in the ARP Table for my desktop (and so no internet only on desktop). Everything else has only one LAN entry, while my desktop has LAN and OPT2 entry. When I clean ARP Table and manually delete the OPT2 entry from the list, the internet works on my desktop again. But after a while, I'll again see multiple ARP entries and I have to delete it again.

This happens only to my desktop. I have already ran antivirus programs, even reset my desktop PC but the issue still persist. I am using Dell adapter though it doesn't create any issue when I use it with my laptop.

Attaching the screenshot for reference:

login-to-view

johnpoz · Dec 29, 2021, 11:54 AM

@yupq6wlc79ts and what is opt2, that wireless? It sure shouldn't be the same network? Is that a bridge you setup on opt2?

Normally, unless you created a bridge? Network on interfaces would be isolated at layer 2.. It would be impossible to see a device on network A, and also on network B..

Going to need a bit more info about your setup, than a censored document it looks like top secret record release from area 51 ;) hehehe

yupq6wlc79ts · Dec 29, 2021, 12:03 PM

@johnpoz hehe, so here's the screenshot for the reference but basically, I've:

Modem -> Firewall (pfSense) -> Ethernet (LAN Port) -> Router (WiFi)
Modem -> Firewall (pfSense) -> Ethernet (OPT1 Port) -> My Current Desktop (via Ethernet)

My Current Desktop NEVER connects to WiFi (it doesn't have WiFi).

login-to-view

johnpoz · Dec 29, 2021, 12:08 PM

@yupq6wlc79ts so you bridged lan and opt2? Your opt2 shows no IP on it.

yupq6wlc79ts · Dec 29, 2021, 12:10 PM

@johnpoz OPT2 is empty right now, nothing is connected to OPT2 port.

johnpoz · Dec 29, 2021, 12:13 PM

@yupq6wlc79ts thought you said your PC was connected to it. I show nothing connected to opt3, but opt2 is up - so something is connected to it.

You have no opt1 listed?

Something is plugged into opt2 or there is no way it would show UP like that, but it has no IP set.

yupq6wlc79ts · Dec 29, 2021, 12:15 PM

@johnpoz currently, there is nothing that's plugged into OPT2, and my ARP table has no entry of OPT2 right now (hence the internet is working).

What I don't understand is, I am not even using OPT2 (I may have used it once/twice with the same device), but how does it take my desktop and assign it an entry with the ARP table. It happens when I turn my desktop on.

johnpoz · Dec 29, 2021, 1:03 PM

@yupq6wlc79ts well something is clearly wrong if your saying nothing is plugged into opt2, as it shows that its up - that green arrow.

So there is a piece of the puzzle missing somewhere.

You said your pc when plugged in is on opt1, but I see no opt1.. Did you rename the interfaces?

yupq6wlc79ts · Dec 29, 2021, 1:05 PM

@johnpoz so currently,

WAN - Connected to Modem
LAN - Connected to Router (WiFi)
OPT1 - Connected to my desktop
OPT2 - Empty

Here's the sample config that I am using: sample config file

johnpoz · Dec 29, 2021, 1:05 PM

@yupq6wlc79ts said in ARP Table and Internet Issue:

OPT1 - Connected to my desktop

And again - you show no OPT1 interface at all..

login-to-view

yupq6wlc79ts · Dec 29, 2021, 1:08 PM

@johnpoz No

WAN - Connected to Modem
LAN - Connected to Router (WiFi)
OPT1 - Connected to my desktop
OPT2 - Empty

is what I see currently plugged into...

johnpoz · Dec 29, 2021, 1:08 PM

@yupq6wlc79ts that is fine then.. So your desktop connects to opt3?

Or opt2 - I show opt2 up (the green arrow) but you have no IP set on it - so did you bridge this to lan?

yupq6wlc79ts · Dec 29, 2021, 1:12 PM

@johnpoz does this help?

login-to-view

and this?

login-to-view

johnpoz · Dec 29, 2021, 1:17 PM

@yupq6wlc79ts Why do you have everything bridged?

But your setting an IP on opt3?

So you got something going on where traffic from your lan which you have bridged to all your interfaces.. and your opt2 are connected together and your seeing an answer (arp) on both interfaces.. You have a loop somewhere would be my guess.

But in that xml you sent - there is no setting showing that 192.168.3.1 address.

It would be impossible for pfsense to see an arp for your desktop if plugged into optX on the bridge and also seeing it on lan, unless you a loop somewhere.

yupq6wlc79ts · Dec 29, 2021, 1:19 PM

@johnpoz so the 192.168.3.1 is what I added later to segment some of my network traffic.

@johnpoz said in ARP Table and Internet Issue:

It would be impossible for pfsense to see an arp for your desktop if plugged into optX on the bridge and also seeing it on lan, unless you a loop somewhere.

How/Where can I find that "loop"? I don't think I have created any loop (or may be did it by mistake?)

johnpoz · Dec 29, 2021, 1:30 PM

@yupq6wlc79ts need to see exactly how you have this connected

You say your wifi is on lan.. But your pc has no wifi.. The mac you showed in your censored document looks like that is the same mac.. So something on your network looped or answered that arp? Do you have any other sort of anything on your pc, like a bluetooth connection to sonos speakers or something else on your network what would bridge.

In a normal network, networks are isolated at layer 2. It is not possible for traffic to be seen like you show. Unless there is a loop or bridge that connects the 2.. Even if your pc had wifi and wired, the macs would be different that :39 you show, wifi would be something else.

Did you maybe move your laptop from one connection to the other? Say plugged into your wifi routers port, and then plug it into pfsense port? The expired time on the arps are 130 seconds different. So that seems to far apart to be a loop to be honest. But if you moved your pc from say port on your wifi router that is on lan, and then to another port on pfsense (opt2) That would explain what your seeing for sure. Because the other arp didn't expire yet..

yupq6wlc79ts · Dec 29, 2021, 1:36 PM

@johnpoz so what you said last might be the case.

I initially created 192.168.3.1 on OPT3 to segment the traffic, that is where my PC used to connected to.

I then needed to be on 192.168.1.1 so I needed to change my OPT. Since my WiFi is on LAN, I connected my pc to OPT1 (which is OPT2 in the pfSense?)

So, from that point, shouldn't the ARP expire at some point? It just keeps coming back...

And yes, the MAC are the same for my PC in both, LAN and OPT2.

Currently, everything is working fine because all I see in ARP is LAN & WAN.

The issue arises when I restart my pc, then ARP will have LAN, WAN and OPT2 for some reason.

johnpoz · Dec 29, 2021, 1:47 PM

@yupq6wlc79ts said in ARP Table and Internet Issue:

I initially created 192.168.3.1 on OPT3 to segment the traffic

But you left it in the bridge.. not good setup.

Arp will expire, default is 20 minutes I believe in pfsense.

Doing something like this

login-to-view

Could for sure cause exactly what you were seeing.. When your wifi router is being used as AP. If it was natting ie in router mode, this wouldn't happen, because the only mac pfsense would see from anything connected to the wifi router be it wifi or wired would be the mac of the wan interface on the router.

So if you do something like that in the future - you can flush pfsense arp cache.. See the clear arp table button on the bottom of the listing. Or you can delete specific ones with the little trashcan symbol.

If you want to isolate your pc from your lan, then you need to remove the interface your going to connect to out of your bridge. I personally would really never bridge on pfsense interfaces. If you want more ports in a specific network - then get a switch..

The issue arises when I restart my pc

Restarting your PC wouldn't flush pfsense cached arp entry from it, if it was plugged into your wifi router, and then you moved it - be it your restart your pc or not wouldn't matter. Once pfsense saw that mac on your lan, its going to sit there until it expires or you flush it.

yupq6wlc79ts · Dec 29, 2021, 1:47 PM

@johnpoz one thing to note is, this pc has never connected to wifi (lan port in this case via router).

To your point, I did remove/delete and entry in the arp and also cleared the arp table, it works...until I restart my machine.

I can factory default it and start again...let me ask you this, the sample file I shared, would you recommend that config? (the one without 192.168.3.1 setup?)

johnpoz · Dec 29, 2021, 1:59 PM

@yupq6wlc79ts no I wouldn't - you have everything bridged in that xml.. I could never in good conscious ever recommend a bridge setup.. Unless there was a specific technical reason for it. You need different media types to be on the same network, and the only device that has both media types, say fiber and ethernet is the pfsense. And even then that would be a temp solution until you got a media converter ;)

If you need more ports, then get a switch. If you want switch ports on your pfsense box, then get an appliance that has switch ports in it.

I only skimmed that xml real quick to see if you had bridge setup. And it clearly isn't your actual config anyway because there is no 192.168.3.1 in that xml.

Clearly there is pieces missing here. But I see no way if your pc is only connected to optX, and your arp table on pfsense only shows it on the optX interface... Restarting your pc in no way shape or form could have the arp show up on your lan interface. Especially 130 seconds apart.. If there was a loop, then they would be at most like 1 second apart. And even then it would prob have to be because arp was seen just before the second changed, a loop of traffic would be in the ms.. Not 130 seconds.