Weird APR behavor

Surfking55

I've been running my NG6100 for about a year now and it's been working perfect and as expected. However, about 2 weeks ago I noticed my APR table started showing an APR entry for every address in my WAN's /24. Before I only had 2 (one for my WAN interface and one for my ISP's gateway). The superfluous 253 APR entries have the same MAC address as the ISP's gateway.

Has anybody seen anything like this?

stephenw10

I'll assume you mean ARP here.

That can only happen if something is responding to ARP queries on those IPs or sending traffic from them that pfSense is able to see. So I would guess something changed in the ISPs gateway config such that it is now responding to those in some way. What sort of WAN connection is it?

It shouldn't cause any sort of problem unless you actually need to access something else in the WAN subnet.

Steve

jrey

There is some ARP discussion over here
https://forum.netgate.com/topic/178633/arp-probe

it is not uncommon for the WAN to have ARP traffic,
But in my case and I believe also for @johnpoz that WAN ARP traffic does not make it into the Local ARP table. (and it should not) except for two your assigned WAN IP and the Gateway.

@surfking55 said in Weird APR behavor:

The superfluous 253 APR entries have the same MAC address as the ISP's gateway

Do all those entires have the same IP address as well?
and the same "Expires in x seconds time"?