Netgate Discussion Forum

    If the option Enable Static ARP entries is enabled, clients can't ping Pfsense

      moh10ly

      Is this supposed to happen? If so, I would really appreciate it if someone could explain why! Once the option "Enable Static ARP entries" in the DHCP server is enabled, the clients that have a DHCP-leased IP won't be able to ping pfSense's LAN NIC or whichever NIC the DHCP is enabled on.

      If I try to ping the clients from pfSense, I would also get invalid argument.

      Thanks

      Power is Knowledge.

        jahonix

        You don't write a word about your setup, version, etc. so it's hard to read something out of the crystal ball.
        Over here it's working since version 0.9 or so onwards.

          moh10ly

          Yes, right, sorry for not clearing things up, but I thought it happened with whatever setup you have regardless. My setup is as follows:

          WAN
          LAN
          DMZ <<< I got DHCP working here. On the DHCP I pointed the default gateway to the DMZ address on pfSense (10.10.0.190)

          All clients get an IP with the correct range that I have configured, but none of them will reach pfSense or get internet unless the ARP option is off.

            jahonix

            @moh10ly:

            DMZ <<< I got DHCP working here. On the DHCP I pointed the default gateway to the DMZ address on pfSense (10.10.0.190)

            No need to point anywhere, this is done by design if left blank:

            Gateway
            The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network. Type "none" for no gateway assignment.


            But this bites you:

            Static ARP
            Enable Static ARP entries
            Note: This option persists even if DHCP server is disabled. ***Only*** the machines listed below will be able to communicate with the firewall on this NIC.


            Regular DHCP clients that are not static won't be able to communicate with your pfSense.

              moh10ly

              Yes, I've enabled all traffic from the DMZ NET to Anywhere on TCP/UDP, but if the ARP is ticked, no traffic will come or leave from the clients to pfSense's DMZ IP and vice versa.

                jahonix

                @moh10ly:

                All clients get an IP with the correct range that I have configured…

                This implies that the clients you talk about get DHCP leases from the pool - and are NOT statically assigned (which would be out of the pool's range).
                When you tick "Enable static entries ONLY" those getting an IP from the DHCP range won't work.

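
A way to check the behaviour explained in this thread, added here as an example and not taken from any of the posts or from pfSense itself: compare the DHCP leases on an interface against the permanent ARP entries shown by FreeBSD's `arp -an` and list the clients that static ARP will cut off from the firewall. It assumes static mappings appear as `permanent` entries; the interface name `em2` and every address except 10.10.0.190 are constructed sample values.

```python
import re

# FreeBSD `arp -an` line, e.g.
# "? (10.10.0.20) at 00:0c:29:aa:bb:20 on em2 permanent [ethernet]"
ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}|\(incomplete\)) "
    r"on (?P<iface>\S+)(?P<rest>.*)"
)

def permanent_entries(arp_output, iface):
    """Return {ip: mac} for permanent (static) ARP entries on one interface."""
    entries = {}
    for line in arp_output.splitlines():
        m = ARP_LINE.search(line)
        if m and m["iface"] == iface and "permanent" in m["rest"].split():
            entries[m["ip"]] = m["mac"].lower()
    return entries

def blocked_clients(leases, arp_output, iface):
    """Leases (ip, mac) the firewall cannot talk to once static ARP is on."""
    static = permanent_entries(arp_output, iface)
    blocked = []
    for ip, mac in leases:
        mac = mac.lower()
        if ip not in static:
            blocked.append((ip, mac, "no static ARP entry"))
        elif static[ip] != mac:
            blocked.append((ip, mac, "MAC differs from static entry"))
    return blocked

# Constructed sample: em2 is the DMZ NIC (assumed name), em1 another NIC.
SAMPLE_ARP = """\
? (10.10.0.190) at 00:0c:29:aa:bb:01 on em2 permanent [ethernet]
? (10.10.0.20) at 00:0c:29:aa:bb:20 on em2 permanent [ethernet]
? (10.10.0.21) at 00:0c:29:aa:bb:21 on em2 permanent [ethernet]
? (192.168.1.10) at 00:0c:29:aa:bb:10 on em1 expires in 1187 seconds [ethernet]
"""

# Constructed leases: one static client, one pool client, one changed NIC.
SAMPLE_LEASES = [
    ("10.10.0.20", "00:0C:29:AA:BB:20"),
    ("10.10.0.101", "00:0c:29:aa:bb:65"),
    ("10.10.0.21", "00:0c:29:aa:bb:99"),
]

if __name__ == "__main__":
    for ip, mac, reason in blocked_clients(SAMPLE_LEASES, SAMPLE_ARP, "em2"):
        print(f"{ip} {mac}: {reason}")
```
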