pfSense Support Subscription

Author Topic: Static ARP entry with v2.1 ?  (Read 1280 times)

0 Members and 1 Guest are viewing this topic.

Offline JohnnyBeGood

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Static ARP entry with v2.1 ?
« on: September 27, 2013, 11:56:59 pm »
Hi all,

I would like to setup something something like I had with v2.0.3
and that if static ARP. I had it it working great with this http://forum.pfsense.org/index.php/topic,40451.msg209005.html#msg209005 suggestions from member NOYB http://forum.pfsense.org/index.php?action=profile;u=18350 can this still be applied with v2.1?
I just don't want to screw up anything. Maybe there's an option to enable this already. My goal is that if I give IP and port forward say port 9 (WOL) to 192.168.1.100 and want it always to get that IP even thought computer is in off state. It really worked with above NOYB's suggestion.

TIA
I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!

Offline NOYB

  • Sr. Member
  • ****
  • Posts: 440
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #1 on: September 28, 2013, 02:27:05 am »
 
Static DHCP entries can be given static ARP entries.  This is one of the features that made it into 2.1.
 
Make sure you know what you have set up so you can recreate it using the feature after the upgrade.
 
Services
DHCP Server
scroll to bottom of page and add a DHCP Static Mapping...
on the Static DHCP Mappings page check the ARP Table Static Entry box.
 
For example I create the following entry for WoL.
 
ff:ff:ff:ff:ff:ff
192.168.2.254
Broadcast-Agent
 
And use NAT to map the port and Firewall rules to allow only the source IP's I need to send WoL packets from.
 

Offline JohnnyBeGood

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #2 on: September 29, 2013, 02:42:20 am »

Static DHCP entries can be given static ARP entries.  This is one of the features that made it into 2.1.
 
Make sure you know what you have set up so you can recreate it using the feature after the upgrade.
 
Services
DHCP Server
scroll to bottom of page and add a DHCP Static Mapping...
on the Static DHCP Mappings page check the ARP Table Static Entry box.
 
For example I create the following entry for WoL.
 
ff:ff:ff:ff:ff:ff
192.168.2.254
Broadcast-Agent
 
And use NAT to map the port and Firewall rules to allow only the source IP's I need to send WoL packets from.
Thank you for the reply! Nice to see you still around.

I've solved it with port forward for each PC http://i.imgur.com/r0LSQdJ.png

With v.2.0.3 after I applied your mod I already had on each computer using Win7 I had static IP set like this:
192.168.1.100 PCNAMEMAIN
192.168.1.101 PCNAME1
192.168.1.102 PCNAME2

Now with v2.1 since its build in I had to modify DHCP range from 192.168.1.106---192.168.1.120
and use your suggestions to add other computers static ARP with MAC addresses.

What I don't understand is what  checking  "ARP Table Static Entry" http://i.imgur.com/9dbcxag.png does?

Because checking that it creates exclamation mark.


I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!

Offline NOYB

  • Sr. Member
  • ****
  • Posts: 440
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #3 on: September 30, 2013, 02:09:22 am »
 
Signifies that that static DHCP entry has a static ARP entry.
 

Offline JohnnyBeGood

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #4 on: September 30, 2013, 02:14:16 am »

Signifies that that static DHCP entry has a static ARP entry.
Ok, What if it's not checked? Then it's disabled?
I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!

Offline NOYB

  • Sr. Member
  • ****
  • Posts: 440
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #5 on: September 30, 2013, 02:48:27 am »
 
If it is not checked then there won't be a static ARP entry created for it.
 

Offline NOYB

  • Sr. Member
  • ****
  • Posts: 440
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #6 on: September 30, 2013, 02:49:23 am »
 
The way in which you've set up the NAT is not the way I'd do WoL.  But nothing says you have to do it the way I would.

My way is to create a static DCHP entry as follows, with ARP Table Static Entry.
ff:ff:ff:ff:ff:ff
192.168.1.254
Broadcast-Agent
 
Then NAT specific source hosts with destination port 9 to redirect target IP Broadcast Agent port 9, with Filter rule association set.
My WoL NAT Config:
Interface: WAN
Protocol: UDP
Source: (WoL Magic Packet Senders)
Source port range: any
Destination: WAN Address
Destination port range: 9
Redirect target ip: 192.168.1.254
Redirect target port: 9
Description: Broadcast (WoL Magic Packet)
NAT reflection: Use system default
Filter rule association: Rule NAT Broadcast (WoL Magic Packet)


From the WoL service being used send WoL request to the public IP (WAN address), and specify the MAC of the machine to be woken up.

pfSense NAT's it to 192.168.1.254.  And because 192.168.1.254 has all F's MAC address this is a broadcast.  Which is the way WoL magic packets are intended to be transmitted (as a broadcast).  So all machines in the broadcast domain will see the WoL packet but only the one with the MAC address being targeted by the WoL packet will accept the WoL packet and wake up.

This way each machine does not require it's own dedicated WoL NAT and the WoL config can be used to wake any WoL enabled machine within the broadcast domain.
 
Of course any destination port can be used other than 9, so long as the WoL packet sending service being used allows it to be set.
« Last Edit: September 30, 2013, 03:47:00 am by NOYB »

Offline JohnnyBeGood

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #7 on: October 02, 2013, 02:54:22 pm »
Thanks for the detailed explanation! I'm sure it'll help others who want to setup WOL.

On my Android phone I have WOL app where you can specify MAC and port of a device that you want to wake up.
Is this one of examples where either one will work and there's no my vs your approach is better?

I just don't want to run into issues when setting up something else just because I did it "my way".
I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!

Offline NOYB

  • Sr. Member
  • ****
  • Posts: 440
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #8 on: October 02, 2013, 03:37:10 pm »
 
I think the difference between the two ways that would be most likely to impact would be the NAT/Firewall settings I use to restrict WoL begin accepted from only a few static source IP addresses.  Guessing your mobile device wouldn't have a static IP address.  So the NAT/Firewall rule would have to accept any, or at least a much larger range, of IP addresses.  But I think your NAT/Firewall rule already allows any address to accommodate the mobile device.  Both ways should work with mobile device so long as the NAT/Firewall is configured to accommodate it.
 

Offline JohnnyBeGood

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Re: Static ARP entry with v2.1 ?
« Reply #9 on: October 02, 2013, 05:14:43 pm »

I think the difference between the two ways that would be most likely to impact would be the NAT/Firewall settings I use to restrict WoL begin accepted from only a few static source IP addresses.  Guessing your mobile device wouldn't have a static IP address.  So the NAT/Firewall rule would have to accept any, or at least a much larger range, of IP addresses.  But I think your NAT/Firewall rule already allows any address to accommodate the mobile device.  Both ways should work with mobile device so long as the NAT/Firewall is configured to accommodate it.
It makes sense. I will start to monitor my cell phone IP just to see if its going to change.
Thank you!
I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!