Occasional ARP errors in multiwan setup



  • Hi,
    My pfSense uses 4 network cards: one LAN plus WAN, OPT1 and OPT2 interfaces, all connected to the same ISP.
    LAN: 192.168.1.1
    WAN XX.XX.XX.131/23 MAC X:X:X:X:X:55 GW XX.XX.XX.1 - mapped more ports to servers in 192.168.1.0 - MAC address "spoof" set to :55
    OPT1 XX.XX.XX.132/23 MAC X:X:X:X:X:eb GW XX.XX.XX.1 - mapped more ports to servers in 192.168.1.0
    OPT2 XX.XX.XX.129/23 MAC X:X:X:X:X:98 GW XX.XX.XX.1 - mapped 2 ports to 192.168.1.X - MAC address "spoof" set to :98

    I use simple port forwarding to various servers in the LAN subnet. My ISP told me that there are problems with IP/MAC pairing. I upgraded to 1.2RC2 and I can see occasional messages in the log: kernel: arp: X:X:X:X:X:98 is using my IP address XX.XX.XX.131!. I use advanced outbound NAT with two rules: OPT2 192.168.1.X/32 and WAN 192.168.1.0/24. I am not able to find out why there are two IPs with the same MAC address.

    Another finding: there are, for example, two log messages exactly 20 minutes after one another, then for several hours there are no messages, and so on…



  • @antoninn:

    I use simple port forwarding to various servers in the LAN subnet. My ISP told me that there are problems with IP/MAC pairing. I upgraded to 1.2RC2 and I can see occasional messages in the log: kernel: arp: X:X:X:X:X:98 is using my IP address XX.XX.XX.131!.

    Is the MAC address shown one of your MAC addresses?  It sounds like either you've got your proxy ARP configured wrong, or someone else on your ISP's network is trying to use your IP.



  • Yes, the conflicting MAC address, which is trying to use the IP of the WAN interface, is the MAC address of the OPT2 interface.



  • Do you have proxy ARP set up for your WAN IP on your OPT WAN interface?



  • Hm, where can I find the proxy ARP setup? I am not aware that I set up proxy ARP during configuration. Where can I find it in the user interface?



  • Updated to RC3 - the same problem still occurs occasionally. It happens at intervals of exactly 1 hour or 20 minutes:

    Dec 6 09:09:32 kernel: arp: XX:0c:XX:53:29:98 is using my IP address XX.XX.XX.XX1!
    Dec 6 08:29:39 kernel: arp: XX:0c:XX:53:29:8e is using my IP address XX.XX.XX.XX1!
    Dec 6 07:29:49 last message repeated 4 times
    Dec 6 07:29:45 kernel: arp: XX:0c:XX:53:29:98 is using my IP address XX.XX.XX.XX1!

    These are the MAC addresses of the other two physical interfaces.

    Could it not be some kind of cron script running every hour, trying to perform some cleanup or update or something like that, with this being only a side effect of it? I am convinced that this should not be some kind of random behavior.
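Added example (not part of the original posts): a Python triage of the `is using my IP address` kernel lines quoted in this thread, answering the question asked above of whether the offending MAC is one of the firewall's own NICs (ARP flux between interfaces on the same segment) or a foreign host (a duplicate IP or ARP spoofing worth investigating). The MAC and IP values, the `year` default and the function names are constructed for illustration, and the sample log is in chronological syslog order.

```python
import re
from datetime import datetime

# FreeBSD kernel line: "<date> kernel: arp: <mac> is using my IP address <ip>!"
CONFLICT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) kernel: arp: ([0-9a-f:]{17}) "
    r"is using my IP address (\d+\.\d+\.\d+\.\d+)!", re.I)
REPEAT = re.compile(r"last message repeated (\d+) times")

# Constructed sample data: the firewall's own NIC MACs and a syslog excerpt.
OWN_MACS = ["02:00:00:53:29:55", "02:00:00:53:29:eb", "02:00:00:53:29:98"]
SAMPLE_LOG = """\
Dec  6 07:29:45 kernel: arp: 02:00:00:53:29:98 is using my IP address 203.0.113.131!
Dec  6 07:29:49 last message repeated 4 times
Dec  6 08:29:39 kernel: arp: 02:00:00:53:29:eb is using my IP address 203.0.113.131!
Dec  6 09:09:32 kernel: arp: 02:00:00:53:29:98 is using my IP address 203.0.113.131!
Dec  6 09:29:40 kernel: arp: 02:00:00:aa:bb:cc is using my IP address 203.0.113.131!
""".splitlines()


def triage(lines, own_macs, year=2000):
    """Label each conflict 'own-nic' (ARP flux) or 'foreign'; fold in repeats."""
    own = {m.lower() for m in own_macs}
    events = []
    for line in lines:
        m = CONFLICT.match(line.strip())
        if m:
            # Syslog lines carry no year; `year` is a placeholder assumption.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            mac = m.group(2).lower()
            events.append({"time": ts, "mac": mac, "ip": m.group(3), "count": 1,
                           "source": "own-nic" if mac in own else "foreign"})
        elif events and (r := REPEAT.search(line)):
            events[-1]["count"] += int(r.group(1))  # applies to the previous line
    return events


def gaps_minutes(events):
    """Minutes between consecutive conflicts, to expose a timer-driven pattern."""
    times = sorted(e["time"] for e in events)
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    evs = triage(SAMPLE_LOG, OWN_MACS)
    for e in evs:
        print(e["time"].strftime("%H:%M:%S"), e["mac"], e["source"], f"x{e['count']}")
    print("gaps (min):", gaps_minutes(evs))
```

Only the `foreign` entries point at another device claiming the address; `own-nic` entries match the situation described in this thread, where the MACs belong to the firewall's other interfaces.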



  • I think I have found what is going on: http://wiki.openvz.org/Multiple_Network_Interfaces_And_ARP_Flux

    But how do I solve it in FreeBSD and pfSense?



  • Is there really nobody able to answer my question? Is there anybody who uses pfSense with several network cards connected to one subnet?



  • Enable System -> Advanced -> This will suppress ARP messages when interfaces share the same physical network

    This has been covered previously in the forum. This is why people are hesitant to answer something that has already been covered.



  • I have had this feature ENABLED the whole time I have been describing the problems with ARP and my provider. What exactly does this feature do? I think it only stops certain ARP-related messages from being displayed in the system log.

    Is there any possibility in pfSense to configure some ARP-related properties of the optional network cards (like the solutions described here: http://wiki.openvz.org/Multiple_Network_Interfaces_And_ARP_Flux)?





  • Another question regarding this problem: is it possible to set up the ARP behavior of every physical interface in pfSense?

