News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: syslog - arplookup .. host is not on local network
Pages: [1]
Topic: syslog - arplookup .. host is not on local network  (Read 1923 times)
« on: November 02, 2012, 11:27:48 »
teva *
Posts: 12
I just found some log entries i can't explain

My subnet is 192.168.1.0/24
syslog says
Nov 2 11:22:12   kernel: arplookup 192.168.1.234 failed: host is not on local network
Nov 2 11:22:11   kernel: arplookup 192.168.1.8 failed: host is not on local network
Nov 2 11:21:35   kernel: arplookup 192.168.1.8 failed: host is not on local network
Nov 2 11:21:33   kernel: arplookup 192.168.1.234 failed: host is not on local network
Nov 2 11:20:59   kernel: arplookup 192.168.1.8 failed: host is not on local network
Nov 2 11:20:43   kernel: arplookup 192.168.1.234 failed: host is not on local network

What does this mean? This hosts actually are in local network. I didn't notice those entries before and all i did was mess with IPSEC.
Monowall dhcp server is set to 1.200 to 1.240

Oh yeah..mx ARP table is all of a sudden empty, just public ip on wan interface is shown. There should be like 30 IP's there.

tnx
« Last Edit: November 02, 2012, 11:31:04 by teva »
« Reply #1 on: November 02, 2012, 21:14:29 »
Јаневски ***
Posts: 153
M0n0 asks who has for example 192.168.1.234 and nobody responds with a valid MAC address.

There could be various reasons for the communication to fail, from faulty LAN NIC, to faulty swicth, faulty PC NIC, faulty cable/s all in between, or maybe some sort of address assignment and usage or other kind of problem.

Once I had similar thing it was faulty Realtek NIC, other time overheated (it has been placed into a very hot spot) old switch that had a lot of packet loss...
« Last Edit: November 02, 2012, 21:18:39 by Јаневски »
http://janevski.net
« Reply #2 on: November 04, 2012, 19:51:56 »
teva *
Posts: 12
Will check that out...tnx

Only thing that could be faulty is netgear rack switch. I will check that first.
« Reply #3 on: November 04, 2012, 22:08:36 »
Јаневски ***
Posts: 153
I forgot to mention, it could be a rouge DHCP server connected on an unsecured switch too, or even a switching loop could produce problems.

Check everything.
Take a starting point for example the m0n0 router and step by step inspect everything on the way to the end users including them too, you'll find what it is.
« Last Edit: November 04, 2012, 22:15:01 by Јаневски »
http://janevski.net
« Reply #4 on: November 05, 2012, 20:09:28 »
teva *
Posts: 12
Yep..it seems that wlan router was acting up. It's used behind m0n0wall as AP, with disabled DHCP, but it must have lost it's mind, since DHCP was enabled and sending IP's to clients, so they overlapped with m0n0wall DHCP IP's.

After AP fix, i don't see anymore log entries.

tnx for help
teva
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines