DHCP static ARP new column, what is it?

xbipin · Dec 15, 2012, 3:09 PM

i see recently the dhcp server page has a new column for static arp for all the clients listed below in the static dhcp table, can some1 tell me what does it actually do?

suppose if a entry in table is there with static arp ticked and deny unknown client ticked, will the client get the same ip as listed, if so then what does ticking static arp do additional?
does it mean even if client manually feeds in another ip in his machine from same range but not the one that hes locked to, he wont be able to communicate?

GruensFroeschli · Dec 15, 2012, 4:07 PM

This feature is there since at least 1.0

Yes if you enable static ARP then only the devices with the correct MAC/IP pair in the list below will be able to communicate with the pfSense.
They won't be able to communicate if they change their MAC, their IP or aren't on the list.

bardelot · Dec 15, 2012, 4:25 PM

@GruensFroeschli
xbipin was referring to the new individual static arp entries introduced around a week ago in commit:25c1ebd5cb2a358477e81c30b5e73719a94e1107

@xbipin
If "Enable Static ARP entries" is selected, the additional individual static arp is not used.

xbipin · Dec 15, 2012, 4:30 PM

ok got it, i tried it using this, my tablet mac id/ip listed in list with static arp ticked and deny unknown clients ticked, by default it gets ip 0.15 so i manually set it to 0.14, internet connection went down for it but its able to communicate with local lan pcs, wireless is bridged to lan so could it be some bug or its intended this way?

bardelot · Dec 15, 2012, 4:43 PM

The static arp is only used for communication between the router and the client, not for the communication between the clients.

xbipin · Dec 15, 2012, 4:57 PM

but in this case its through the router only, tablet is wifi and PC on Ethernet

NOYB · Dec 16, 2012, 12:45 AM

It simply makes a static entry in the ARP table for that client.


mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac']));

The GitHub commit can be viewed here:
https://github.com/bsdperimeter/pfsense/commit/25c1ebd5cb2a358477e81c30b5e73719a94e1107

phil.davis · Dec 16, 2012, 1:37 AM

With WiFi and LAN bridged, the pfSense software is not going to be examining the detail of packets between WiFi and LAN. It will simply be forwarding packets back and forth between the 2 interfaces, so that they look like one. It will only be when pfSense talks to the client itself that the static ARP comes into play.