Someone's using my IP address

B

balanga

arp: 00:1d:72:96:4e:0b is using my IP address 192.168.1.97 on em0!

I have quite a few systems running on my LAN, how do I stop the assignment to the other system. I'm using pfSense as the DHCP server, but suspect I could do something from the command line by ssh-ing in.

Any ideas?
 
Generally, DHCP keeps tracks of IP addresses it leases out to the network from within the ip pool range (it could be the entire 192.168.1.2-254 or a portion of that range). The issue comes when there are either 2 DHCP servers serving the same IP ranges; then there are the other side of statically configured IP addresses within the assignable range. In the cases of 2 DHCP servers, the client listens to the FIRST response when it asks an address. I would guess, you probably have the case that one DHCP service is provided from your internet modem (very common, and tends to be defaulted to on) coupled with your pfSense providing the second DHCP service. In that case, you have the either choice of disabling one of the DHCP services, or you configure the 2 DHCP services so that they don't overlap (say one provides from .2-.100 and the other doing .101-.200). A third possibility that depends on your network layout, is you configure the firewall so that it doesn't allow any DHCP responces from the modem side. Most of the DHCP process is done on the global broadcast address, so you will have to filter based on the source/dest port.
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

A Simple diagram to show what I am meaning...


Code: 
Computer 1/2/3  ------ Firewall (pfSense) ------ internet modem
                           (DHCP Server)         (DHCP Server)
 
According to the IEEE Registration Authority, 00:1D:72 is assigned to the Wistron Corporation, a major original design manufacturer based in Taiwan. It was the manufacturing arm of Acer Inc. before being spun off in 2000.

You don't say how the address 192.168.1.97 is assigned to em0. Is it static, or dynamic via the DHCP server?

In any event, login to the DHCP server and look at its configuration. It will have a block of IP addresses available to give out as leases. Make sure that addresses in that block are not used in static assignments on any host in your network. For instance I reserve 192.168.1.201 through 192.168.1.240 for DHCP leases.

If you make changes to the DHCP lease address block, you should restart anything reliant on it, starting with the DHCP server itself.
 
You must log in or register to reply here.
Back
Top