Firebox x750e / pfSense 2.1 system log flooded with an error I do not recognise



  • Hi beautiful people:

    I have a converted Firebox x750e with PS/2, USB and VGA output, Pentium M 740 and 2GB of RAM running pfSense (non nano) installed on a 160GB 2.5" drive.

    Everything went smoothly (thanks to the work of stephenw10 and others on the subject) and the box seems to be operational, but the system log is flooded with this message (it is logged every 3 to 5 minutes):

    kernel: cannot forward from c0a8:107:: to c0a8:171:: nxt 58 received on msk0

    msk0 is the LAN interface.

    The configuration of the box is pretty much stock at this point. All I have done is run the configuration wizard.

    Any idea what that message means?


  • Netgate Administrator

    Hmm, never seen that.
    That's two IPv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

    Nxt 58 could indicate ICMPv6 packets?  :-\ My IPv6 knowledge is badly lacking.

    Steve



  • @stephenw10:

    Hmm, never seen that.
    That's two IPv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

    Nxt 58 could indicate ICMPv6 packets?  :-\ My IPv6 knowledge is badly lacking.

    Steve

    I know exactly what those are :)

    I don't know why this particular pfSense box is trying to route traffic between both… I probably would do best if I isolate it in its own subnet until it is configured.

    Either way that was most helpful, thank you. Was getting into one of those "cannot see the wood for the trees" situations ;)



  • Thanks again… was one of those duh moments where one fires up two DHCP servers on the same subnet assigning IPs from the same pool.

    Leads to all sorts of funky stuff :D


  • Netgate Administrator

    Easily done. Glad you found it.  :)

    Steve



  • A little more info on the subject, just in case this issue affects someone else in the future. There were two misconfigurations in the LAN that led to this:

    1. I had two DHCP servers on the same subnet assigning IPs from the same pool.

    2. I had one of the servers (192.168.1.7) with a dual NIC with Adaptive Load Balancing enabled BUT without a primary NIC selected for the team, which made it swap MACs between ports constantly. pfSense did not like this.

    Once the first issue was addressed the second issue kicked in and the log was flooded with the following (at a rate of about once per second).

    kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:61 to a0:36:9f:07:70:60 on em4
    kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:60 to a0:36:9f:07:70:61 on em4
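
Added example (not part of any post in this thread): a small Python triage script for the two kernel messages quoted above. It decodes the "cannot forward" addresses the way the thread reads them (top 32 bits as an IPv4 address, next header 58 as ICMPv6) and flags IPs whose ARP entry bounces back and forth between MACs. The function names and the syslog timestamps in the sample are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the thread's kernel messages with invented timestamps.
SAMPLE_LOG = """\
Jan 10 12:00:01 kernel: cannot forward from c0a8:107:: to c0a8:171:: nxt 58 received on msk0
Jan 10 12:03:10 kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:61 to a0:36:9f:07:70:60 on em4
Jan 10 12:03:11 kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:60 to a0:36:9f:07:70:61 on em4
"""

FWD_RE = re.compile(r"cannot forward from (\S+) to (\S+) nxt (\d+) received on (\S+)")
ARP_RE = re.compile(r"arp: (\S+) moved from ([0-9a-f:]{17}) to ([0-9a-f:]{17}) on (\S+)")
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}  # IANA protocol numbers


def leading_ipv4(addr6):
    """Read the top 32 bits of an IPv6 address as a dotted quad."""
    packed = ipaddress.IPv6Address(addr6).packed
    return str(ipaddress.IPv4Address(packed[:4]))


def decode_forward_errors(log):
    """Return (src, dst, protocol, interface) for each 'cannot forward' line."""
    out = []
    for src, dst, nxt, ifname in FWD_RE.findall(log):
        proto = NEXT_HEADER.get(int(nxt), "proto " + nxt)
        out.append((leading_ipv4(src), leading_ipv4(dst), proto, ifname))
    return out


def find_arp_flapping(log, min_moves=2):
    """Return {ip: sorted MACs} for IPs whose ARP entry bounces between MACs."""
    moves = defaultdict(list)
    for ip, old, new, _ifname in ARP_RE.findall(log):
        moves[ip].append((old, new))
    flapping = {}
    for ip, pairs in moves.items():
        # A->B and later B->A means oscillation, not a one-off hardware change.
        reversed_seen = any((new, old) in pairs for old, new in pairs)
        if len(pairs) >= min_moves and reversed_seen:
            flapping[ip] = sorted({mac for pair in pairs for mac in pair})
    return flapping


if __name__ == "__main__":
    print(decode_forward_errors(SAMPLE_LOG))
    print(find_arp_flapping(SAMPLE_LOG))
```

An IP reported with two MACs that differ only in the last octet, as here, points at adjacent ports of one multi-port NIC, which matches the teaming misconfiguration described in the last post.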

