Netgate Discussion Forum

    DHCP Server + Static ARP entries and/or Deny unknown clients FAILS

    2.0-RC Snapshot Feedback and Problems - RETIRED

      nesense

      Hi, I've tested this with the latest snapshots for the past 3-4 days, 32-bit & 64.

      What happens is, if you enable static ARP entries and a switch connected to the LAN gets disconnected and reconnected, clients don't get anything after that: they can't ping, SSH, or enter the webgui. I have to reboot pfSense for it to work again. Sadly, even if you don't power cycle switches, it happens every couple of hours…

      Pinging LAN IPs directly from pfSense also times out when the power cycle happens...

      Using "Deny unknown hosts" alone doesn't have this issue, but it doesn't do what it says: clients not in the list can still communicate with the firewall...

      :'(

      maybe this is the issue?:

      [2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(14): find / -name dhcpd.leases
      /var/dhcpd/var/db/dhcpd.leases
      
      [2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(13): ps aux | grep dhcpd
      dhcpd  10130  0.0  1.6 13056  8048  ??  Ss    4:46PM   0:00.01 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf em1
      root   17128  0.0  0.3  6996  1536  ??  Ss    4:40PM   0:00.02 /usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f /var/etc/syslog.conf
      
      [2.0-RC3][admin@pfSense.localdomain]/var/dhcpd(14): find / -name dhcpd.conf
      /var/dhcpd/etc/dhcpd.conf
      
      
        nesense

        More info is here: http://redmine.pfsense.org/issues/1572

          cmb

          That has no relation to the redmine ticket you linked. Check 'arp -an' after you disconnect and reconnect the LAN and see what it looks like; it may need the linkup process to re-add static ARP entries.

            nesense

            Thanks cmb, what do you mean by linkup process? Is there a way to re-add static ARP entries automatically whenever a disconnect and reconnect happens? We get lots of power cuts on these LAN switches, so it's hard to do it by hand all the time…

              nesense

              Also would it be a problem if clients are using static IP instead of acquiring it via DHCP?

                nesense

                OK, when a disconnect happens, the command arp -an shows nothing. I tried restarting the dhcpd service, but arp -an still doesn't show all the info… It also happens if I use "deny unknown clients" instead of "Enable Static ARP entries", but with that I can still ping pfSense after the switches restart... it won't deny unknown clients though :/

                So if restarting dhcpd isn't solving this, what command will bring back the allowed ARP list? Maybe I can run it on cron every minute? Please HALP  :'(

                BTW the issue is on RC2 builds too... not only RC3

                Thanks

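The check cmb suggests earlier in the thread (looking at `arp -an` once the LAN link is back) can be scripted so that it is suitable for a periodic job such as the cron run asked about above. This is an added example, not code from the thread or from pfSense; the mapping list, all addresses and the `check_static_arp` function name are assumptions, and the sample follows FreeBSD's `arp -an` output format.

```shell
#!/bin/sh
# Added example: audit `arp -an` output against the expected static mappings.
# All addresses below are constructed sample values.

# Expected static mappings, one "IP MAC" pair per line (hypothetical list).
EXPECTED='192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66
192.168.1.12 00:11:22:33:44:77'

# Constructed FreeBSD-style `arp -an` output after a link flap: .10 is still
# permanent, .11 was relearned dynamically, .12 is absent.
SAMPLE_ARP='? (192.168.1.1) at 00:aa:bb:cc:dd:01 on em1 permanent [ethernet]
? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.11) at 00:11:22:33:44:66 on em1 expires in 1187 seconds [ethernet]'

# check_static_arp EXPECTED ARP_OUTPUT
# Prints one line per problem, in EXPECTED order:
#   MISSING ip mac        no usable entry for ip
#   MISMATCH ip want got  entry exists with a different MAC
#   DYNAMIC ip mac        right MAC, but the entry is not permanent
# Exit status is 0 only when every expected entry is permanent and correct.
check_static_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_arp = 1; next }
        !in_arp && NF >= 2 { want[$1] = tolower($2); order[++n] = $1; next }
        in_arp && $3 == "at" && $4 != "(incomplete)" {
            ip = $2; gsub(/[()]/, "", ip)
            seen[ip] = tolower($4)
            perm[ip] = ($0 ~ / permanent/) ? 1 : 0
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                if (!(ip in seen)) { print "MISSING", ip, want[ip]; bad = 1 }
                else if (seen[ip] != want[ip]) { print "MISMATCH", ip, want[ip], seen[ip]; bad = 1 }
                else if (!perm[ip]) { print "DYNAMIC", ip, want[ip]; bad = 1 }
            }
            exit bad + 0
        }'
}

# On the firewall the second argument would be "$(arp -an)"; here the
# constructed sample is used so the script runs anywhere.
check_static_arp "$EXPECTED" "$SAMPLE_ARP" || echo "static ARP table is incomplete"
```
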
                  nesense

                  I've added a ticket on redmine for the issue: http://redmine.pfsense.org/issues/1628

                    jimp Rebel Alliance Developer Netgate

                    As mentioned on that ticket, I made a commit yesterday that seems to fix this.

                      nesense

                      Thanks for the fix jimp, clicking on the link in the ticket is giving 404, here's the working link: https://github.com/bsdperimeter/pfsense/commit/8ee623f3a98dca5681274d6a14450223236b4013
