Netgate SG-1000 microFirewall

Author Topic: sys log flooded with "arp: 00:25:90:44:11:e7 attempts to modify permanent entry"  (Read 146 times)

0 Members and 1 Guest are viewing this topic.

Offline wgstarks

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
I'm seeing this entry flooding my system log-
Code: [Select]
Jan 22 17:09:09 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:09:40 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:11 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:41 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:12 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:42 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:08 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:13 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
10.0.1.20 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?
pfSense vs 2.4.2_1
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9823
  • Karma: +1111/-311
    • View Profile
So find the permanent ARP entry there and delete it if that is not what you want.

Usually in the DHCP static mapping as attached.

I have been doing this a long time and have never needed to use a static ARP entry. It's usually easier to just fix whatever conditions exist to make it "necessary."
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9823
  • Karma: +1111/-311
    • View Profile
That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

Diagnostics > Packet Capture for ARP on that interface and see what you see.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline wgstarks

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Thanks. I set a reserved IP for en-0 on the unraid server and then bonded en-0 and en-1. I'm sure that's what is causing this problem. The MAC address shown in the log entry is for en-1 on the unraid server.

Just to be sure I've got it right, I just need to uncheck the ARP Table Static Entry option?
pfSense vs 2.4.2_1
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB

Offline wgstarks

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

Diagnostics > Packet Capture for ARP on that interface and see what you see.

No. I think this is caused by my own ignorance.  :D
pfSense vs 2.4.2_1
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB