If the option Enable Static ARP entries is enabled, clients can't ping Pfsense



  • Is this supposed to happen ? and if so I would really appreciate if someone could explain why! Once the option "Enable Static ARP entries" in the DHCP server is enabled the clients that have DHCP leased IP won't be able to ping Pfsense's LAN NIC or wherever NIC the DHCP is enabled on.

    If I try to ping the clients from PFsense also I would get invalid argument.

    Thanks



  • You don't write a word about your setup, version, etc. so it's hard to read something out of the crystal ball.
    Over here it's working since version 0.9 or so onwards.



  • Yes right, sorry for not clearing up things but I thought it happened with whatever setup you have regardless. my setup is as follow

    WAN
    LAN
    DMZ <<< I got DHCP working here. on the DHCP I pointed the default gateway to the DMZ address on Pfsense (10.10.0.190)

    All clients get an IP with the correct range that I have configured but none of them will reach pfsense nor get internet unless the ARP option is off.



  • @moh10ly:

    DMZ <<< I got DHCP working here. on the DHCP I pointed the default gateway to the DMZ address on Pfsense (10.10.0.190)

    No need to point anywhere, this is done by design if left blank:

    Gateway	
    The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network. Type "none" for no gateway assignment.
    

    But this bites you:

    Static ARP	
     	Enable Static ARP entries
     	Note: This option persists even if DHCP server is disabled. ***Only*** the machines listed below will be able to communicate with the firewall on this NIC.
    

    Regular DHCP clients that are not static won't be able to communicate with your pfSense.



  • Yes, I've enabled all traffic from the DMZ NET to Anywhere on TCP/UDP but if the ARP is ticked no traffic will come or leave from the clients to the Pfsense's DMZ IP and the opposite.



  • @moh10ly:

    All clients get an IP with the correct range that I have configured…

    This implies that the clients you talk about get DHCP leases from the pool - and are NOT statically assigned (which would be out of the pool's range).
    When you tick "Enable static entries ONLY" those getting an IP from the DHCP range won't work.


  • Banned


Log in to reply