ARP broadcast domains, forwarding to WAN?

On my primary router that is the gateway to my ISP, my OpenWrt interface definitions are simple: one br-lan for 192.168.0.1/24 and a WAN that is the gateway to the ISP.

On another local device, I'm using older DD-WRT software in "client bridge" mode on the 192.168.0.xxx subnet. That creates a virtual device with IP 1.1.1.1. Apparently that causes a lot of devices on the 192.168.0.xxx subnet to do ARP requests for 1.1.1.1.

I saw ARP requests for 1.1.1.1 on the 192.168.0.xxx subnet using the 'addrwatch' software on a Linux client. There were no responses to those requests.

My ISP apparently saw leaked MAC addresses from my local subnet. I suspected it was from the 1.1.1.1 ARP requests being forwarded out to the WAN.

Is that how it works? If there is no br-lan that covers 1.1.1.1, does the ARP request go out the WAN interface (with the MAC info from my local devices)?

I changed my DD-WRT setup to use "client" mode, so no 1.1.1.1 virtual device is in use any more on my local network. This apparently fixed the problem the ISP was complaining about (seeing my local MAC info on his interfaces).

I was wondering if I had created a separate OpenWrt br-lan interface for 1.1.1.1/24 with some gateway specified (not the WAN), whether that would have kept the 1.1.1.1 ARP requests local (not forwarded to WAN). The ARP requests for 1.1.1.1 apparently don't need to be satisfied (everything was working without responses). I just don't want them leaked to the WAN with local MAC info.

The ISP couldn't tell me how he was seeing my local devices' MAC info, but I'm confident it wasn't from DHCP requests.

Thanks for any insight. I'm a bit confused by ARP, since my understanding is that it operates at a lower level than IP routing, so no IP routing rules affect where they go. So what controls where they go or get forwarded? (the br-lan definitions?)

Prior to 2010 the subnet 1.x.x.x was private and many systems used 1.1.1.1 as a placeholder.
Since 2010 that subnet has been public.
More recently 1.1.1.1 has become the main address of the Cloudflare DNS service.

Since 2010 no addresses in the subnet should be used locally as it can cause problems.

Why are you using it?

Thanks bluewavenet.
Yes, in looking up 1.1.1.1 info on the web, I saw the transition of 1.1.1.1 to external like you say.

I was only using it because, as I mentioned, on another device that I was using as a wireless bridge, I was running older DD-WRT software in what they call "client bridge" mode. That caused a virtual device with the 1.1.1.1 address to be used/created. I guess some VLANs might also have a virtual device of 1.1.1.1.

I switched to "client" mode in DD-WRT so that it acts like a real router (with another 192.168.2.xxx subnet), and the 1.1.1.1 device is not created, and now my ISP says they don't see my local MAC info.

But I wanted to understand whether OpenWrt was sending the ARP requests for 1.1.1.1 through the default gateway (WAN).

And whether an alternate solution would have been to create a br-lan for 1.1.1.1/24.

Basically, I don't understand if OpenWrt forwards ARP requests to the WAN.

A side note: some people might say ARP requests on a subnet should only be for that subnet. But for whatever reason, I saw my devices creating ARP requests (with no response) for 1.1.1.1 in my initial setup.

ARP requests are layer 2, so they will not and cannot be IP routed to the WAN.
They will pass through a bridge though.
If your DD device has an IP address of 1.1.1.1 then yes, expect it to send out ARP requests (at layer 2, i.e. no IP header on the packets).
Everything on your LAN will receive these requests. The effect will be somewhat difficult to predict.

"difficult to predict"

I guess it's not very well documented what happens, because the expectation, for a proper configuration, is that ARP requests should only be for stuff on that subnet?

If so, then it's kind of like having the ARP requests for 1.1.1.1 on the LAN (which is 192.168.0.xxx) is the basic problem... i.e. there's no "correct" definition for what is supposed to happen. Although you do say the ARP requests will pass through a bridge.

If I created a separate br-lan for 1.1.1.1/24, would the ARP get passed through that? I.e. if I specified a gateway on that br-lan to 192.168.0.something, would I get the effect of ARP passing through a bridge?

I guess it's unclear if there's any case of OpenWrt passing ARP to the WAN. The default gateway on the 192.168.0.xxx br-lan is out the WAN. So would that make the ARP go out that way, like it's passing through a bridge?

I don't have any experience on this, but I have read about related issues here on the forum. Here are some thoughts for ideas to look into and see if they apply to your system:

Many of these consumer grade router/bridge/wifi combo systems have physical distributed switch hardware that takes care of some layer 2 ethernet frame forwarding without involving the cpu (OpenWrt). Some devices assign one of the ports on the hardware switch to be the "WAN" interface but layer 2 isolation (my term) may not always be available.

The firmware for the switch hardware may be a proprietary binary blob running in the switch controller so OpenWrt does what it can but ultimately the switch can be doing things the system kernel isn't aware of.

Forwarding L2 frames might not be a "feature" of OpenWrt. There may be things you can do to mitigate it if what I mentioned above applies to your router. Search the forum to find out more.

Ah... good thoughts. Thank you.

Yes, the idea that some L2 stuff might be hardwired in the physical device is interesting/reasonable.

So different people might see different behavior, even when using the same OpenWrt version.

By the way, I see in your profile that you have a wrt1900acs. I did some forum searching and did not find any reference to switch leaking for that device. Also, the leaking issue tends to be for a short time at boot up before OpenWrt configures the switch device.

Possibly this?

https://github.com/openwrt/openwrt/issues/11077

Thanks stmtpr. Wow, interesting problem. Glad I didn't try 22.03.3.
I'm using 22.03.2.

Other than an issue with 5 GHz hanging after some time, I've had no issues for months with 22.03.2 with my earlier configuration. I disabled 5 GHz and just use 2.5 GHz.

The apparent ARP leakage was just reported to me recently by my ISP. He didn't like seeing my local subnet's MAC info (although apparently his logging mechanism didn't flag it as ARP). I just speculated it was, changed my config, and now the ISP doesn't see my MAC stuff.

Heh... side note. I'm in a small town with fiber. The admin at the ISP upped my connection speed as a free "thank you" for my fix. :)

I guess there's no good way in OpenWrt to log ARP packets?
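One way to check captured traffic for the off-subnet ARP requests described in this thread, as an added Python example (not code from the thread or from OpenWrt): it decodes raw Ethernet/ARP frames, the bytes a capture tool hands you, and flags requests whose target (here 1.1.1.1) lies outside the LAN prefix 192.168.0.0/24. The sample frames are constructed for the demo; the MAC addresses and hosts in them are made up.

```python
import ipaddress
import struct

# Added example (not from the thread): decode raw Ethernet/ARP frames and flag
# requests for targets outside the LAN prefix (e.g. 1.1.1.1 on 192.168.0.0/24).
ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1


def parse_arp_frame(frame: bytes):
    """Decode an Ethernet/IPv4 ARP frame into a dict, or return None.

    The frame has no IP header, so a router cannot route it; it is only
    flooded inside the layer-2 broadcast domain (bridge) it was sent on.
    """
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    _dst, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, _sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return {"src_mac": src_mac.hex(":"), "oper": oper,
            "sender_ip": ipaddress.IPv4Address(spa),
            "target_ip": ipaddress.IPv4Address(tpa)}

def off_subnet_requests(frames, lan_prefix):
    """Return (src_mac, target_ip) for ARP requests aimed outside lan_prefix."""
    net = ipaddress.ip_network(lan_prefix)
    hits = []
    for frame in frames:
        arp = parse_arp_frame(frame)
        if arp and arp["oper"] == ARP_REQUEST and arp["target_ip"] not in net:
            hits.append((arp["src_mac"], str(arp["target_ip"])))
    return hits

def build_arp_request(src_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Construct a broadcast ARP request frame (sample data for this demo)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, src_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REQUEST, src_mac,
                      ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(target_ip).packed)
    return eth + arp

# Constructed capture: one ordinary request, one for 1.1.1.1 (off-subnet).
SAMPLE_FRAMES = [
    build_arp_request(bytes.fromhex("02a1b2c3d4e5"), "192.168.0.20", "192.168.0.1"),
    build_arp_request(bytes.fromhex("02a1b2c3d4e6"), "192.168.0.21", "1.1.1.1"),
]
```

Live frames for this can be captured on the router with the tcpdump package (`tcpdump -i br-lan -w arp.pcap arp`) and fed in after stripping the pcap headers; an off-subnet hit only tells you which LAN host is asking, since the request itself never carries an IP header that a router could forward.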