Fwd: Unknown IP address shows FreeBSD server MAC in arp cache

Kaya Saman kayasaman at gmail.com
Thu Apr 25 02:08:10 UTC 2013

Well.... I managed to find the answer!!

Scanning through /etc/defaults/rc.conf I noticed this:

dhclient_program="/sbin/dhclient"       # Path to dhcp client program.
dhclient_flags=""               # Extra flags to pass to dhcp client.

Then I went back to check my DHCP server's log files and indeed a DHCP
request came through from the server even though the IP's are all
statically configured on it.

Now all I have to do is tell the system not to use the "dhclient"
program and then all will be sorted :-)




-------- Original Message --------
Subject: 	Unknown IP address shows FreeBSD server MAC in arp cache
Date: 	Thu, 25 Apr 2013 02:52:21 +0100
From: 	Kaya Saman <kayasaman at gmail.com>
To: 	freebsd-questions at freebsd.org


I'm experiencing a weird problem and I have no idea where to begin with
this one!

Basically what's happening is that I did a host scan from my NetBSD box
running Cacti in order to 'Auto Discover' machines on my network; a php
script on the Cacti server added an IP address xxx.xxx.1.52.

Seeing this as odd since I haven't configured any machine with this IP
as it's in the DHCP range on my network and there aren't any machines
running on DHCP on the particular VLAN either as everything is
statically configured; I proceeded to check the arp cache of my NetBSD
box which pointed to the MAC address of my FreeBSD server?

Having a look round my network and servers each ping attempt to
xxx.xxx.1.52 gives me a response and in the arp cache of each
machine/device shows the FreeBSD server.

Long ago I may have had this machine on xxx.xxx.1.52 but I can't recall
and all settings in /etc/rc.conf for interfaces and Jails are fine and
consistent with my Network Spec. My network has also had a massive
overhaul since then as I've changed switches and router in the meantime

I have thought about arp poisoning but then again no other machine is
connected to my network that I don't know about and since it's a home
network there's really only me connected to it. Also I'm running OpenBSD
as a firewall/router gateway which I've also checked thoroughly
including Packet Filter and haven't found any issues.

I also thought about RARP and bootparamd since I'm running a bunch of
Sun SPARC systems in which I NetBooted but nothing on that front either
showed any result. I additionally have checked the /etc/hosts files of
all my systems and even my local DNS db files but nothing shows
xxx.xxx.1.52 at all.

The BSD version that I'm running on my FreeBSD server is 8.2 x64.

Would anyone be able to help me out with this one?

Basically why is a rogue or unknown IP address pointing to my FreeBSD
box's NIC?



More information about the freebsd-questions mailing list