Netgate Discussion Forum

    Occasional ARP errors in multiwan setup

    Routing and Multi WAN

      antoninn

      Hi,
      my pfsense uses 4 network cards - one LAN and WAN, OPT1, OPT2 interfaces, connected to same ISP.
      LAN: 192.168.1.1
      WAN XX.XX.XX.131/23 MAC X:X:X:X:X:55 GW XX.XX.XX.1 - mapped more ports to servers in 192.168.1.0 - MAC address "spoof" set to :55
      OPT1 XX.XX.XX.132/23 MAC X:X:X:X:X:eb GW XX.XX.XX.1 - mapped more ports to servers in 192.168.1.0
      OPT2 XX.XX.XX.129/23 MAC X:X:X:X:X:98 GW XX.XX.XX.1 - mapped 2 ports to 192.168.1.X - MAC address "spoof" set to :98

      I use simple port forwarding to various servers in LAN subnet. My ISP told me, that there are problems with IP/MAC pairing. I upgraded to 1.2RC2 and I can see occasional messages in the log: kernel: arp: X:X:X:X:X:98 is using my IP address XX.XX.XX.131!. I use advanced outbound NAT with two rules OPT2 192.168.1.X/32 and WAN 192.168.1.0/24. I am not able to find out why there are two IPs with the same MAC address.

      Another finding: there are for example two log messages right 20 minutes after another, then for several hours there are no messages and so on…

        cmb

        @antoninn:

        I use simple port forwarding to various servers in LAN subnet. My ISP told me, that there are problems with IP/MAC pairing. I upgraded to 1.2RC2 and I can see occasional messages in the log: kernel: arp: X:X:X:X:X:98 is using my IP address XX.XX.XX.131!.

        Is the MAC address shown one of your MAC addresses?  It sounds like either you've got your proxy ARP configured wrong, or someone else on your ISP's network is trying to use your IP.

          antoninn

          Yes, conflicting MAC address, which is trying to use IP of WAN interface is MAC address of OPT2 interface.

            cmb

            Do you have proxy ARP setup for your WAN IP on your OPT WAN interface?

              antoninn

              Hm, where can I find proxy ARP setup??? I do not realize I have set up proxy ARP during configuration. Where can I find it in user interface?

                antoninn

                Updated to RC3 - the same problem occasionally occurs. It happens exactly in interval 1 hour or 20 minutes:

                Dec 6 09:09:32 kernel: arp: XX:0c:XX:53:29:98 is using my IP address XX.XX.XX.XX1!
                Dec 6 08:29:39 kernel: arp: XX:0c:XX:53:29:8e is using my IP address XX.XX.XX.XX1!
                Dec 6 07:29:49 last message repeated 4 times
                Dec 6 07:29:45 kernel: arp: XX:0c:XX:53:29:98 is using my IP address XX.XX.XX.XX1!

                MAC addresses of other two physical interfaces..

                Could not it be some kind of cron script running every hour and trying to perform some cleanup or update or something like this and this is only side-effect of it????? I am convinced that this should not be some kind of random behavior.

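The question asked earlier in the thread, whether the MAC in the kernel message is one of the firewall's own, can be checked mechanically against the log. The following is an added example, not part of any post and not pfSense code; the MAC addresses, IP address and the `OWN_MACS` inventory are constructed placeholders.

```python
import re
from collections import Counter

# Constructed inventory of the firewall's own interface MACs (placeholders).
OWN_MACS = {
    "02:00:5e:00:00:55": "WAN",
    "02:00:5e:00:00:eb": "OPT1",
    "02:00:5e:00:00:98": "OPT2",
}

# Constructed sample in raw-file order (oldest first); the excerpt in the post
# is newest first, so its "repeated" line appears above the message it counts.
SAMPLE_LOG = """\
Dec 6 07:29:45 kernel: arp: 02:00:5e:00:00:98 is using my IP address 203.0.113.131!
Dec 6 07:29:49 last message repeated 4 times
Dec 6 08:29:39 kernel: arp: 02:00:5e:00:00:eb is using my IP address 203.0.113.131!
Dec 6 09:09:32 kernel: arp: 02:00:5e:00:00:98 is using my IP address 203.0.113.131!
Dec 6 09:15:02 kernel: arp: 02:aa:bb:cc:dd:01 is using my IP address 203.0.113.131!
"""

ARP_RE = re.compile(
    r"arp: ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) is using my IP address ([0-9.]+)!", re.I)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")


def classify_arp_conflicts(log_text, own_macs):
    """Return {(mac, ip): (count, owner)}; owner is an interface name or 'foreign'."""
    counts = Counter()
    last_key = None  # most recent ARP conflict, target of a following "repeated" line
    for line in log_text.splitlines():
        hit = ARP_RE.search(line)
        repeat = REPEAT_RE.search(line)
        if hit:
            last_key = (hit.group(1).lower(), hit.group(2))
            counts[last_key] += 1
        elif repeat and last_key:
            counts[last_key] += int(repeat.group(1))
        else:
            last_key = None  # an unrelated message ends the repeat chain
    return {key: (n, own_macs.get(key[0], "foreign")) for key, n in counts.items()}


if __name__ == "__main__":
    for (mac, ip), (n, owner) in classify_arp_conflicts(SAMPLE_LOG, OWN_MACS).items():
        kind = "own interface, ARP flux" if owner != "foreign" else "unknown host"
        print(f"{mac} claimed {ip} {n}x -> {owner} ({kind})")
```

Entries attributed to an own interface point at ARP flux between NICs on the same segment; a `foreign` entry is a different case, an address conflict with another host on the ISP's network.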
                  antoninn

                  I think I have found what is going on: http://wiki.openvz.org/Multiple_Network_Interfaces_And_ARP_Flux

                  But how to solve it in FreeBSD and pfsense???

                    antoninn

                    Really nobody is able to answer my question? Is there anybody, who uses pfsense with more network cards, connected to one subnet?

                      sullrich

                      Enable System -> Advanced -> This will suppress ARP messages when interfaces share the same physical network

                      This has been covered prior in the forum.  This is why people are hesitant on answering something that has already been covered.

                        antoninn

                        I have this feature ENABLED all the time I describe problems with ARP and my provider. What exactly does this feature do? I think it only disables certain messages related to ARP to be displayed in system log.

                        Is there any possibility in pfsense to configure some properties of optional network cards related to ARP (like solutions described here: http://wiki.openvz.org/Multiple_Network_Interfaces_And_ARP_Flux)?

                          Perry

                          Some info on the freebsd link
                          http://forum.pfsense.org/index.php/topic,4996.msg30810.html#msg30810

                          /Perry
                          doc.pfsense.org

                            antoninn

                            Other question regarding this problem: Is it possible to set up ARP behavior of every physical interface in pfsense?
