Arpresolve/Arplookup errors in system log

Wookie7 · Feb 7, 2006, 12:16 PM

I have beta 2rc5 on a Warp board. It seems that spontaneously it will stop passing data via one of the two WAN ports that I have set up for policy based routing. Below is a clip of the log. It is full of these entries:

kernel: arpresolve: can't allocate route for 10.0.10.1
Feb 6 17:44:17
kernel: arplookup 10.0.10.1 failed: host is not on local network
Feb 6 17:44:17
kernel: arpresolve: can't allocate route for 10.0.10.1
Feb 6 17:44:17
kernel: arplookup 10.0.10.1 failed: host is not on local network
Feb 6 17:44:17
kernel: arpresolve: can't allocate route for 10.0.10.1
Feb 6 17:44:17
kernel: arplookup 10.0.10.1 failed: host is not on local network
Feb 6 17:44:17
kernel: arpresolve: can't allocate route for 10.0.10.1

Any ideas why this is happening?

hoba · Feb 7, 2006, 12:49 PM

Please try http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-5-06/ and report back if the problem still exists in that version. Also please provide more info on your setup. Is that IP one of your gateways? What kind of WANs do you have. Are you running policy based routing or even loadbalancing? It's hard to say what might be happening here without knowing the setup.

sullrich · Feb 7, 2006, 3:59 PM

Those happen as well to me during bootup and such. They are harmless.

Wookie7 · Feb 7, 2006, 5:14 PM

The aren't harmless in my situation. :'( I loose connectivity for a couple dozen clients. Nothing will go out via the affected interface and the last time it happened the web interface was non-functional.

The unit affected is a WRAP 1E-2 (3 eth, 1 ath0).

Sis0 is Lan - 10.0.2.1/24
Sis1 is Wan - 204.180.206.N/29 –> Router -> DSL ISP
Sis2 is Wan2 (Opt1) - dhcp (10.0.10.x) --> Router -> Cable ISP
ath0 is bridged to Sis0 (LAN)- (not currently used, but active)

Advanced NAT is turned on. Both WAN interfaces are listed for advanced NAT. In my LAN rules section I have (in order as they appear):

LAN net204.180.206.0/24_//send all DSL ISP traffic through default gateway
10.0.2.150_WAN2//my connection
TCP_LAN net__80 (HTTP)//send all HTTP to the default gateway
LAN net**_ //Default LAN -> any

This is not my intended rule set, btw; this is just a testing setup to see if I can eventually push certain LAN IP addresses and certain (p2p) traffic types over WAN2.

sullrich · Feb 7, 2006, 5:19 PM

I doubt that they are related. You most likely have something else going on.

hoba · Feb 7, 2006, 8:37 PM

btw, a machine powering on at lan using the IP adress of the pfsense can trigger such a thing too. It's doesn't have to be pfsenserelated but try to investigate and report back when you find out anything.

Wookie7 · Feb 8, 2006, 4:36 AM

Is there a way to reset/refresh the arp table manually? I hate to do a full 1+ minute reboot just to clear up the arp table. I would like to try something like that to see if the errors clear up.

I will set up a syslog server to dump to. Maybe there is something right before those errors start to culminate that could give me some idea of what is happening.

BTW - How safe is it to upgrade firmware from a remote wireless connection? Is there any checksum process that assures the upgrade image arrived in tack? And which of those 3 files do I use? I ask because none say 'choose the image file (embedded-*.tgz) to be uploaded' like the manual upgrade page says. This is a WRAP board… does it matter? (it is 50 ft. up on a water tower and it is colder than a witch's tit here ;D so I am leery about a failed upgrade)

Wookie7 · Feb 8, 2006, 11:56 AM

@Wookie7:

BTW - How safe is it to upgrade firmware from a remote wireless connection? Is there any checksum process that assures the upgrade image arrived in tack? And which of those 3 files do I use? I ask because none say 'choose the image file (embedded-*.tgz) to be uploaded' like the manual upgrade page says. This is a WRAP board… does it matter? (it is 50 ft. up on a water tower and it is colder than a witch's tit here ;D so I am leery about a failed upgrade)

The upgrade forum had my answers. Too bad. It sucks that I will have to take my router out of commission for so long.

hoba · Feb 8, 2006, 12:05 PM

That won't be the final upgradeprocess for the embedded builds, but atm you have to do it this way.

sullrich · Feb 8, 2006, 4:26 PM

@Wookie7:

The upgrade forum had my answers. Too bad. It sucks that I will have to take my router out of commission for so long.

When I reflash my WRAP or Soekris it takes 10 minutes MAX.

What do you mean for so long?!

Wookie7 · Feb 8, 2006, 5:18 PM

@sullrich:

@Wookie7:

The upgrade forum had my answers. Too bad. It sucks that I will have to take my router out of commission for so long.

When I reflash my WRAP or Soekris it takes 10 minutes MAX.

What do you mean for so long?!

You are right, Scott. I can get it done in about that amount of time too, but in my situation I am having to remove the router from an external enclosure, climbing down the water tower(it's about 15 degree here), opening up the crappy case (that doesn't have a slot to pass the cf card though) before I can ever flash it with my laptop. I use a cf/pcmcia card slot adaptor and dd the image to /dev/rdiskNsN.

You are right. It doesn't take long to apply the new image itself; it is that it can't be done remotely without physical access for the time being.

BTW - I just want to thank all of you involved in this router project for your great work and assistance.

sullrich · Feb 8, 2006, 5:50 PM

LOL Fair enough. I keep thinking ppl have these units right next to them, not on a water tower!