Enabled static ARP - now I'm locked out of pfSense, help!



  • Hi,

    I wanted to setup static IP for all of my PCs in the network and
    While in DHCP server I've checked "enable static ARP" and now I can't connect to pfSense nor any other computer in the network?
    Please help!



  • Did you have settings backed up?



  • @kejianshi:

    Did you have settings backed up?

    No, I was going to once everything is setup but never got to that point  :(



  • OK - Lets try one step at time.  OK?

    I don't know if this will work with your problem.

    Can you access the pfsense console menu?

    If so, let it boot up, go to command line then enter:

    pfctl -d

    Now check to see if you have access to web gui.



  • Ok, I have access to the box shell.
    Pfctl -d gives me "Pfctl: pf not enabled"



  • Can you access the web configurator?



  • @kejianshi:

    Can you access the web configurator?

    No, that's the issue. As soon as I hit save I was cut off from everything. Can't even ping 192.168.1.1



  • Reboot.  Go back to the console and restore recent configuration.

    Its option 15.

    See if you can select the one before you made the ARP change.

    Apply it.  After its all done, reboot and try to get to web gui.



  • @kejianshi:

    Reboot.  Go back to the console and restore recent configuration.

    Its option 15.

    See if you can select the one before you made the ARP change.

    Apply it.  After its all done, reboot and try to get to web gui.

    Thank you!!!! I'm back online :D
    Restoring "05" fixed my issue.
    Could this be a possible bug?




  • Not sure if its a bug.  Its not an option I use.  I just know how to undo it.  :P

    Glad you are up and running.  I'd save the config from time to time.  I name mine after the major changes made to them + a date.



  • I hope Jim or someone else will chime in. If its not a bug then at least explain the purpose of this option so that others don't run into same issue. I'm willing to supply more info if needed.




  • How many computers/devices do you have listed at the bottom of that page?
    Was your current computer in the list?
    Is anything at all in the list?
    Do you have static IP entries listed there?



  • All your images are on the board.  No need for the drop-box item.  We see the images even if you can't.

    So, did you have your computers listed on that page at bottom?



  • @kejianshi:

    All your images are on the board.  No need for the drop-box item.  We see the images even if you can't.

    So, did you have your computers listed on that page at bottom?

    Just one.




  • OK - The the static ARP did what it was supposed to do.  Only the xbox would have been allowed access after you clicked that box.
    If you want more computers, you need to make sure they have a static entry at the bottom of that page and then click the button.

    Then you should, in theory, not get locked out.



  • I have about 10 or so entries on the LAN - but I think static ARP would be inconvenient for me.  I add and subtract devices often.



  • @kejianshi:

    OK - The the static ARP did what it was supposed to do.  Only the xbox would have been allowed access after you clicked that box.
    If you want more computers, you need to make sure they have a static entry at the bottom of that page and then click the button.

    Then you should, in theory, not get locked out.

    Ok, when I read it again it does make sense. All I wanted to do is create a static ARP so that particular MACs always get same IP.
    I've managed to do that in 2.0.1 http://forum.pfsense.org/index.php/topic,40451.msg211283.html#msg211283
    Would you know how I can achive saem resault instead of using assign IP outside DHCP server range?
    Before after setting above ARP mod I was able to set static IP on each computer and WOL would always work.



  • The best way to do it is to go to status > DHCP leases find the computers you want to give permanent entries to.

    Press the + button out to the right.

    It will take take you to the place to define the Name, IP and DNS name to give according to the MAC.

    THEN it will appear in the bottom of that list.



  • @kejianshi:

    The best way to do it is to go to status > DHCP leases find the computers you want to give permanent entries to.

    Press the + button out to the right.

    It will take take you to the place to define the Name, IP and DNS name to give according to the MAC.

    THEN it will appear in the bottom of that list.

    That way all of my added computers will get IPs out of DHCP server range (my current range is 192.168.1.100-192.168.1.120)
    With that mod I was able to stay inside DHCP range and still have static ARP.
    1st computer 192.168.1.100
    2nd computer 192.168.1.101
    etc.
    It was easy to remember each comp. IP.



  • Thats a weird personal preference ;)

    Well - Looks like you are all good.  Enjoy.



  • Thanks for your help! I'll try to make it like it was before  ;)


Log in to reply