VIP ip address not responding to ARP requests



  • I have setup a pfsense box at my work in order to route some customers that will be providing internet access for via NATing.  I have been having troubles where the box would stop responding after a while.  I have finally tracked this down to where the an IP configured as an "other" WAN VIP does not respond to ARP requests.

    TCPDUMP:
    18:54:09.963519 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:11.976902 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:15.963816 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:18.967899 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:20.968164 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:23.968249 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:25.976386 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:30.966743 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:32.968132 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:34.966774 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:36.967914 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:38.967304 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:40.968693 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:42.967210 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:44.967226 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:46.976611 arp who-has XX.XX.140.202 tell XX.XX.140.193
    18:54:49.967826 arp who-has XX.XX.140.202 tell XX.XX.140.193

    140.202: VIP on pfsense box
    140.193: internet gateway

    Both are public ip addresses

    I have been playing around with the configuration where I have been switching the VIP from a Proxy ARP address to an other VIP.  Has this broken the pfsense box in this fashion?



  • vip type "other" doesn't reply to layer2 messages. Use proxyARP or CARP for this. "other" is meant for scenarios where the IPs will be just routed to you anyway independent from layer2 messages.



  • Thanks for the quick response.  Flipped everything over to Proxy-ARP and it works.


Locked