Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Weird APR behavor

    Scheduled Pinned Locked Moved
    Off-Topic & Non-Support Discussion
    3
    6
    562
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Surfking55
      last edited by

      I've been running my NG6100 for about a year now and it's been working perfect and as expected. However, about 2 weeks ago I noticed my APR table started showing an APR entry for every address in my WAN's /24. Before I only had 2 (one for my WAN interface and one for my ISP's gateway). The superfluous 253 APR entries have the same MAC address as the ISP's gateway.

      Has anybody seen anything like this?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        I'll assume you mean ARP here. 😉

        That can only happen if something is responding to ARP queries on those IPs or sending traffic from them that pfSense is able to see. So I would guess something changed in the ISPs gateway config such that it is now responding to those in some way. What sort of WAN connection is it?

        It shouldn't cause any sort of problem unless you actually need to access something else in the WAN subnet.

        Steve

        S 1 Reply Last reply Reply Quote 0
        • J
          jrey
          last edited by

          There is some ARP discussion over here
          https://forum.netgate.com/topic/178633/arp-probe

          it is not uncommon for the WAN to have ARP traffic,
          But in my case and I believe also for @johnpoz that WAN ARP traffic does not make it into the Local ARP table. (and it should not) except for two your assigned WAN IP and the Gateway.

          @surfking55 said in Weird APR behavor:

          The superfluous 253 APR entries have the same MAC address as the ISP's gateway

          Do all those entires have the same IP address as well?
          and the same "Expires in x seconds time"?

          S 1 Reply Last reply Reply Quote 0
          • S
            Surfking55 @stephenw10
            last edited by

            @stephenw10 Yes, ARP. I do that crap all the time. My right hand fingers are faster than my left hand fingers.

            For my WAN setup, I have ATT fiber on their GPON network. So they force me to use there "gateway" which is an all-in-one. But I have it setup for pass-through and everything else turned off so it's just passing my external routeable to my 6100.

            1 Reply Last reply Reply Quote 0
            • S
              Surfking55 @jrey
              last edited by

              @jrey It's listing all 255 IPs in the /24 with the same expire time as the ISP gateway. However, today I checked it again and now it's back to normal.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Hmm, well likely something sent a gratuitous ARP for every IP somehow. Or pfSense queries everything but that would really only happen if you ran a scan.
                As I said it's just odd though it's unlikely to hurt anything.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post