Netgate Discussion Forum

Multicast website not working

  • M
    marcvb
    last edited by Nov 26, 2014, 7:22 AM

    Hello we are new to pfsense,

    We started with a new firewall with pfsense, only our nlb Microsoft cluster cannot be contacted (iis website).
    The following error is shown in pfsense: kernel: arp: 03:bf:d4:b2:c4:73 is multicast

    Our internal lan is: 192.168.1.1
    Our wan is: 222.187.186.18
    Our wan router is (wan gateway) : 222.187.186.1

    We do not have this error with other firewalls, the nlb has a wan ip 222.187.186.100 and all the cluster servers also have wan addresses.
    It's a Microsoft nlb multicast.

    • H
      Harvy66
      last edited by Nov 30, 2014, 6:17 PM Nov 30, 2014, 6:10 PM

      I found this on the Internet

      A while ago I was writing about the behavior of Microsoft’s Network Load Balancing, the problems it’s causing and how Microsoft tried to hack around them using multicast MAC addresses as the hardware address of sender in ARP replies (which is illegal). A few days ago one of my readers asked me whether I know which RFC prohibits the use of multicast MAC address in ARP replies.

      A quick consultation with friendly Google search engine returned this web page, which contained the answer: section 3.3.2 of RFC 1812 (Requirements for IP Version 4 Routers):

      A router MUST not believe any ARP reply that claims that the Link Layer address of another host or router is a broadcast or multicast address.
      Problem solved – now I know the real reason we have to configure static ARP entries on Cisco routers and switches.

      Sounds like your other firewalls are not following the rules.

      • M
        marcvb
        last edited by Dec 1, 2014, 11:30 AM

        We use GTA firewalls "http://www.gta.com/", I contacted the supplier and indeed.
        He told us we used a bug to make it work with our firewall.
        I am going to put the servers behind a router now to fix this issue.

        Thank you for the info!

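The check discussed in this thread, as an added example that is not part of the original posts and is not pfSense or FreeBSD code: a small Python parser that applies the RFC 1812 section 3.3.2 rule to an ARP payload by testing the group (I/G) bit of the sender hardware address. The sample packets are constructed from the addresses quoted in the thread; the `02:00:...` MAC addresses, the function names and the "is at" log text are assumptions of this sketch, and the rule is applied to every opcode here although the RFC text names replies.

```python
import struct

def is_group_mac(mac):
    # I/G bit: least significant bit of the first octet, set for multicast and broadcast.
    return bool(mac[0] & 0x01)

def fmt_mac(mac):
    return ":".join(f"{b:02x}" for b in mac)

def fmt_ip(ip):
    return ".".join(str(b) for b in ip)

def build_arp(oper, sha, spa, tha, tpa):
    # Ethernet (htype 1) / IPv4 (ptype 0x0800) ARP payload, 28 bytes.
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

def parse_arp(payload):
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def check_arp(payload):
    """Return (accept, log_line); refuse to learn a group address as a host's MAC."""
    arp = parse_arp(payload)
    sha = arp["sha"]
    if is_group_mac(sha):
        kind = "broadcast" if sha == b"\xff" * 6 else "multicast"
        return False, f"arp: {fmt_mac(sha)} is {kind}"
    return True, f"arp: {fmt_ip(arp['spa'])} is at {fmt_mac(sha)}"

# Constructed sample packets (IP addresses and the 03:bf MAC are the ones quoted in the thread).
WAN_IP = bytes([222, 187, 186, 18])
WAN_MAC = bytes.fromhex("020000000001")      # constructed unicast MAC for the firewall
NLB_REPLY = build_arp(2, bytes.fromhex("03bfd4b2c473"),
                      bytes([222, 187, 186, 100]), WAN_MAC, WAN_IP)
UNICAST_REPLY = build_arp(2, bytes.fromhex("020000000002"),  # constructed gateway MAC
                          bytes([222, 187, 186, 1]), WAN_MAC, WAN_IP)

if __name__ == "__main__":
    for pkt in (NLB_REPLY, UNICAST_REPLY):
        print(check_arp(pkt))
```
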