Firebox x750e / pfSense 2.1 system log flooded with an error I do not recognise

Hardware
Log in to reply
  • M

    Hi beautiful people:

    I have a converted Firebox x750e with PS/2, USB and VGA output, Pentium M 740 and 2GB of RAM running pfSense (non nano) installed on a 160GB 2.5" drive.

    Everything went smoothly (thanks to the work of stephenw10 and others on the subject) and the box seems to be operational, but the system log is flooded with this message (it is logged every 3 to 5 minutes):

    kernel: cannot forward from c0a8:107:: to c0a8:171:: nxt 58 received on msk0

    msk0 is the LAN interface.

    The configuration of the box is pretty much stock at this point. All I have done is run the configuration wizard.

    Any idea what that message means?

    0
  • stephenw10
    Netgate Administrator

    Hmm, never seen that.
    That's two ipv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

    Nxt 58 could indicate icmpv6 packets?  :-\ My IPv6 knowledge is badly lacking.

    Steve

    0
  • M

    @stephenw10:

    Hmm, never seen that.
    That's two ipv6 local addresses. The hex equivalent of 192.168.1.7 and 192.168.1.113 if I'm not mistaken. Do you recognize those IPs? Usually they would be on the same subnet so there would be no need for pfSense to forward packets between them. Perhaps one of them has the wrong subnet set? Or maybe you have a port forward misconfigured?

    Nxt 58 could indicate icmpv6 packets?  :-\ My IPv6 knowledge is badly lacking.

    Steve

    I know exactly what those are :)

    I don't know why this particular pfSense box is trying to route traffic between both… I probably would do best if I isolate it in it's own subnet until is configured.

    Either way that was most helpful, thank you. Was getting into one of those "cannot see the wood for the trees" situations ;)

    0
  • M

    Thanks again… was one of those duh moments where one fires up two DHCP servers on the same subnet assigning IPs from the same pool.

    Leads to all sorts of funky stuff :D

    0
  • stephenw10
    Netgate Administrator

    Easily done. Glad you found it.  :)

    Steve

    0
  • M

    A little more info on the subject, just in case this issue affects someone else in the future. There were two misconfigurations in the LAN that led to this:

    1. I had two DHCP servers on the same subnet assigning IPs from the same pool.

    2. I had one of the servers (192.168.1.7) with a dual NIC with Adaptive Load Balancing enabled BUT without a primary NIC selected for the team, which made it swap MACs between ports constantly. pfSense did not like this.

    Once the first issue was addressed the second issue kicked in and the log was flooded with the following (at a rate of about once per second).

    kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:61 to a0:36:9f:07:70:60 on em4
    kernel: arp: 192.168.1.7 moved from a0:36:9f:07:70:60 to a0:36:9f:07:70:61 on em4

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy