Discussion in 'Tomato Firmware' started by LLigetfa, Jan 5, 2008.

    I keep seeing a device on VLAN1 coming and going in my device list.
    Device List
    Interface  MAC Address        IP Address  Name     RSSI     Quality  Lease
    vlan1      00:12:3F:77:3A:37
    eth1       00:15:E9:xx:xx:xx              FF0876L  -65 dBm  29       0 days, 23:06:26
    Noise Floor: -94 dBm
    When I look up the OUI, it is registered to DELL but I don't have any DELL computers.

    My router does PPPoE over a fixed wireless Motorola Canopy and in order to get access to my Canopy SM which is, I put the following two scripts in my router:
    sleep 5
    ip addr add dev vlan1 brd +
    iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE
    I run my wireless with WPA / WPA2 Personal + TKIP / AES and I live out in the country where neighbors are several hundreds of feet away so I wonder if this connection is coming in via the WAN port. If it is, I don't see how a 169 number is routable unless it is the ISP in bridge mode.

    Any ideas?
    169.254.x.x addresses are assigned randomly upon reboot, so the IP address
    of the device may indeed have changed to in the meantime.

    Furthermore, the MAC address often reflects the actual manufacturer
    (obviously Dell in your case) rather than the brand (Motorola). For instance,
    my "Siemens" DSL modem is reported as "ASKEY".
    Thanks for trying. I know how APIPA works in general but Canopy radios don't actually do APIPA, they are hard coded to and that is the IP I always use to access it. Also, the OUI portion of the MAC addy is 0a-00-3e.

    My DLink USB has an OUI of 00:15:E9 and the Buffalo router has 00:16:01 so those are not it.

    Anyone else have an answer?
    You have given your router a local IP address on the WAN port with a very large netmask,
    this entry appearing in the device list (arp table) does tell you your router has directly communicated with the device. My guess is the private address of the "next hop" router, which may be defined as your router gateway. With my DSL modem this device appears alongside my modem local IP.

    If you don't like the security implications of this I think you could give your router a /32 local IP address and a specific route to only your modem "route add -host dev vlan1" or similar.
    Mmmk... So the device list is merely the router's ARP table and the presence of the DELL MAC doesn't indicate the firewall is allowing it in?

    Since every Canopy SM has the same IP on the ethernet side, I doubted the WISP is actually routing hence my confusion. I don't know enough about the Canopy SM but I think it is in bridge mode. Could be that the DELL MAC is another subscriber. This is a brand new tower and I believe that I'm the first subscriber (and until recently, their only sub) on their 5.7GHz AP. The other subs, I think are all on the 900MHz AP. Either that or they dropped in a PC to monitor and troubleshoot as they are still having some provisioning pains.

    Anyway... you gave me the idea to simply change my IP/CIDR on my router to along with the /30 CIDR for iptables and I no longer see the DELL in my ARP table.

    Thanks a bunch!
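
Added example, not part of the thread: a small audit of WAN-side neighbour entries showing how the prefix length on vlan1 decides which hosts the router treats as directly connected, and which of those are not the modem. The `ip neigh show` line format (iproute2) and all IP addresses are assumptions constructed for illustration; the Dell MAC and the 0a:00:3e and 00:15:E9 OUIs are the ones quoted in the posts above.

```python
import ipaddress

# Constructed `ip neigh show` lines (iproute2 format assumed). The IP addresses
# are placeholders, not the poster's; the Dell MAC and the OUIs come from the
# thread, the remaining MAC bytes are made up.
SAMPLE_NEIGH = """\
169.254.10.1 dev vlan1 lladdr 0a:00:3e:aa:bb:cc REACHABLE
169.254.77.20 dev vlan1 lladdr 00:12:3f:77:3a:37 STALE
169.254.10.9 dev vlan1  FAILED
192.168.1.50 dev br0 lladdr 00:15:e9:11:22:33 REACHABLE
"""

def parse_neigh(text, dev):
    """Return (ip, mac) for entries on `dev` that resolved to a MAC."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields or dev not in fields:
            continue  # FAILED/INCOMPLETE entries carry no MAC; other devs skipped
        mac = fields[fields.index("lladdr") + 1].lower()
        entries.append((ipaddress.ip_address(fields[0]), mac))
    return entries

def audit_wan(wan_cidr, neigh_text, expected_ouis, dev="vlan1"):
    """Report which neighbours the WAN address/prefix makes directly connected,
    and which of those carry an OUI other than the expected modem's."""
    net = ipaddress.ip_interface(wan_cidr).network
    on_link = [(str(ip), mac) for ip, mac in parse_neigh(neigh_text, dev) if ip in net]
    unexpected = [(ip, mac) for ip, mac in on_link if mac[:8] not in expected_ouis]
    return {"prefix_size": net.num_addresses, "on_link": on_link, "unexpected": unexpected}

if __name__ == "__main__":
    # Same constructed router address, first with a /16 and then narrowed to a /30.
    for cidr in ("169.254.10.2/16", "169.254.10.2/30"):
        print(cidr, audit_wan(cidr, SAMPLE_NEIGH, {"0a:00:3e"}))
```

With the /16 the Dell entry counts as on-link and is flagged; with the /30 only the modem's address remains inside the connected prefix.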
