Can't decipher security run outputs

Status
Not open for further replies.
C

cen

Dabbler
Joined
Jul 12, 2014
Messages
32
I am getting security run updates on my email every few days and I have no idea whether this are just false alarms or something is actually wring on my machine. Can someone explain me what these errors mean?

arp: 192.168.2.38 moved from dc:c7:93:f1:ec:f8 to 62:66:b3:56:66:a7 on igb0
arp: 192.168.2.38 moved from dc:c7:93:f1:ec:f8 to 62:66:b3:56:66:a7 on igb0
arp: 192.168.2.38 moved from 62:66:b3:56:66:a7 to dc:c7:93:f1:ec:f8 on igb0
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: Failed to set watchdog
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
ipmi0: Failed to set watchdog
ipmi0: KCS: Reply address mismatch
ipmi0: KCS error: 5f
arp: 192.168.2.38 moved from dc:c7:93:f1:ec:f8 to 62:66:b3:56:66:a7 on igb0
arp: 192.168.2.38 moved from 62:66:b3:56:66:a7 to dc:c7:93:f1:ec:f8 on igb0
arp: 192.168.2.38 moved from dc:c7:93:f1:ec:f8 to 62:66:b3:56:66:a7 on igb0
arp: 192.168.2.38 moved from 62:66:b3:56:66:a7 to dc:c7:93:f1:ec:f8 on igb0
arp: 192.168.2.38 moved from dc:c7:93:f1:ec:f8 to 62:66:b3:56:66:a7 on igb0
 
D

dlavigne

Guest
Is there a DHCP server on the network giving out that IP to another host?
 
C

cen

Dabbler
Joined
Jul 12, 2014
Messages
32
I believe I configured DHCP to always give the same IP to freenas box. I don't have access to my router at the moment so I will update the topic tomorrow with my DHCP settings.
 
SweetAndLow

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Looks like IP conflict in your network.
 
C

cen

Dabbler
Joined
Jul 12, 2014
Messages
32
Ok so I guess there must be a conflict and I messed something up. The motherboard has 3 LAN ports, one of these is for IPMI. I have the NAS plugged in into a router on a normal port, no other cables.
I have mapped static DHCP on the router like this:

BC:5F:F4:FE:31:AD 192.168.2.151 (ipmi)
D0:50:99:1B:64:BF 192.168.2.150 (igb0)

I can access the FreeNAS web interface on 192.168.2.150 and IPMI on 192.168.2.151 even tho I do not have any cable plugged in the management interface. And it works for whatever reason but could this be the problem? No idea where 192.168.2.38 comes from tho.
 
DrKK

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
cen said:
Ok so I guess there must be a conflict and I messed something up. The motherboard has 3 LAN ports, one of these is for IPMI. I have the NAS plugged in into a router on a normal port, no other cables.
I have mapped static DHCP on the router like this:

BC:5F:F4:FE:31:AD 192.168.2.151 (ipmi)
D0:50:99:1B:64:BF 192.168.2.150 (igb0)

I can access the FreeNAS web interface on 192.168.2.150 and IPMI on 192.168.2.151 even tho I do not have any cable plugged in the management interface. And it works for whatever reason but could this be the problem? No idea where 192.168.2.38 comes from tho.
Click to expand...
That last part, the ARP messages about 192.168.2.38 moving from this MAC to that MAC and back again, is almost ALWAYS the same thing: You have multiple access points in your house (e.g., a main router and a repeater), and some device (could be anything---a phone, whatever) is going from one access point NIC to the other. You can find out what 192.168.2.38 is by using a network analysis tool; the one I like to use in a case like this is "fing" for Android. It'll tell you what every IP on your network is being used by. Of course, it gives you the manufacturer OF THE NETWORK INTERFACE on devices, so you might have to cross reference the manufacturer to a device.
 
C

cen

Dabbler
Joined
Jul 12, 2014
Messages
32
Ok, I checked my DHCP leases and 192.168.2.38 is my sister's windows phone. But why the hell would FreeNAS care if some phone changed mac and bother me with this useless information in a security output? Or is the actual problem the ipmi0 lines and the arp switching just happens to be around in the syslog?
 
DrKK

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
Right, so, I wouldn't worry about those ARP changing messages, those are just FYI. Perfectly normal. In certain cases, you see, it can indicate that a hijacker has done something with a router in the network, which is why it is there, but 99.1% of the time, it's just a mobile device changing routers on your network.

The other message, if I had to guess, which I also seem to confirm by a medium-deep google, may have to do with IPMI. You don't include your hardware in your post (naughty), so I can't verify that you have an IPMI board, but a lot of the people reporting this issue have traced it back to a jacked-up IPMI interface.
 
DrKK

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
Definitely has an AST2300 IPMI on board. You may wish to connect to that and make sure it's up to date.

You do know how IPMI works, or am I speaking Greek to you?
 
C

cen

Dabbler
Joined
Jul 12, 2014
Messages
32
Ok, I'll try that. I'll report back in a few days if anything interesting happens.
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Can't decipher security run outputs"

Similar threads

R
  • Locked
security run output email
Replies
9
Views
2K
RobertT
R
A
  • Locked
seeing errors, looking for help fixing
Replies
3
Views
2K
Amsoil_Jim
A
profwalken
  • Locked
Besoin aide sur analyse de log
Replies
9
Views
1K
profwalken
profwalken
F
  • Locked
ipmi0: KCS: Reply address mismatch
Replies
1
Views
4K
dlavigne
D
Aleksandr Semenov
  • Locked
Newbie: IPMI on HP Microserver Gen8
Replies
8
Views
6K
fcueto
F
Top