Firebox x750e / pfSense 2.1 system log flooded with an error I do not recognise

MrT0ad

Hi beautiful people:

I have a converted Firebox x750e with PS/2, USB and VGA output, Pentium M 740 and 2GB of RAM running pfSense (non nano) installed on a 160GB 2.5" drive.

Everything went smoothly (thanks to the work of stephenw10 and others on the subject) and the box seems to be operational, but the system log is flooded with this message (it is logged every 3 to 5 minutes):

kernel: cannot forward from c0a8:107:: to c0a8:171:: nxt 58 received on msk0

msk0 is the LAN interface.

The configuration of the box is pretty much stock at this point. All I have done is run the configuration wizard.

Any idea what that message means?

stephenw10

Hmm, never seen that.
That's two ipv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

Nxt 58 could indicate icmpv6 packets?  :-\ My IPv6 knowledge is badly lacking.

Steve

MrT0ad

@stephenw10:

Hmm, never seen that.
That's two ipv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

Nxt 58 could indicate icmpv6 packets?  :-\ My IPv6 knowledge is badly lacking.

Steve

I know exactly what those are :)

I don't know why this particular pfSense box is trying to route traffic between both… I probably would do best if I isolate it in it's own subnet until is configured.

Either way that was most helpful, thank you. Was getting into one of those "cannot see the wood for the trees" situations ;)

MrT0ad

Thanks again… was one of those duh moments where one fires up two DHCP servers on the same subnet assigning IPs from the same pool.

Leads to all sorts of funky stuff :D

stephenw10

Easily done. Glad you found it.  :)

Steve

MrT0ad

A little more info on the subject, just in case this issue affects someone else in the future. There were two misconfigurations in the LAN that led to this:

1. I had two DHCP servers on the same subnet assigning IPs from the same pool.

2. I had one of the servers (192.168.1.7) with a dual NIC with Adaptive Load Balancing enabled BUT without a primary NIC selected for the team, which made it swap MACs between ports constantly. pfSense did not like this.

Once the first issue was addressed the second issue kicked in and the log was flooded with the following (at a rate of about once per second).

kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:61 to a0:36:9f:07:70:60 on em4
kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:60 to a0:36:9f:07:70:61 on em4