Is there anywhere to see LAN IPs of devices not leased through DHCP?

Started by pseudonym3k, April 16, 2026, 07:44:40 PM

I set up a camera with a fixed IP address in its settings.

I specified the LAN IP (192.168.1.18), the subnet mask (255.255.255.0), the gateway (192.168.1.1 - OPNsense), and the DNS (192.168.1.1 also OPNsense with DNS servers in System->Settings).

I tested the camera on Ethernet and on Wifi and it's working either way. But I don't see it anywhere in OPNsense, not even in the live firewall logs.

Is there someplace I can see a device that is configured like this?

Thank you.

Quote from: pseudonym3k on April 16, 2026, 07:44:40 PM
[...] Is there someplace I can see a device that is configured like this?

For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"? I don't use it myself, but the serious issues should be worked out. Also, "Interfaces: Diagnostics: ARP Table" for more conventionally mapped devices.

For firewall logs, you need logging enabled for the matched rule(s). This assumes traffic passing through the firewall, of course.

Also to find the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet no ARP entry is added on the router.

Quote from: pfry on April 16, 2026, 07:55:49 PM
For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"? I don't use it myself, but the serious issues should be worked out. Also, "Interfaces: Diagnostics: ARP Table" for more conventionally mapped devices.
I have not visited either one of those areas before so thank you for introducing them to me. However, I did not find my camera in either one, not by IP nor by MAC address.

Quote from: pfry on April 16, 2026, 07:55:49 PM
For firewall logs, you need logging enabled for the matched rule(s). This assumes traffic passing through the firewall, of course.
I'm thinking you're right, OPNsense is not aware of the camera. I don't think it has initiated any internet connection, it is just communicating on the LAN.

I'm using a desktop PC browser to open a web setup page to the camera, and also to view the camera feed. I will be adding it to my local-only camera NVR after I give it a lease through Dnsmasq and remove the hard coded settings from the camera.

Assuming this is what's happening (OPNsense is unaware of LAN-only devices that weren't assigned a lease through OPNsense), what would someone like me use to monitor for devices on my LAN? I'm at virtually no risk, personally, not even from a neighbor - but it feels like a security hole so just asking the question. Thank you for your thoughts here.

Quote from: viragomann on April 16, 2026, 08:23:28 PM
Also to find the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet no ARP entry is added on the router.
See my reply to pfry - I think you are right, since DHCP did not hand out a lease OPNsense is not involved in any LAN only communications for the camera in question.

Quote from: pseudonym3k on April 16, 2026, 09:02:24 PM
Assuming this is what's happening (OPNsense is unaware of LAN-only devices that weren't assigned a lease through OPNsense), what would someone like me use to monitor for devices on my LAN?
This is pretty much what you are looking for in OPNsense :
Quote from: pfry on April 16, 2026, 07:55:49 PM
For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"?
And if you happen to use Pi-Hole then you can use a built-in function that does something similar.

There are also projects like this one : https://github.com/netalertx/NetAlertX

Pick the one you like the most :)

Quote
I'm at virtually no risk, personally, not even from a neighbor - but it feels like a security hole so just asking the question.
As long as you don't have random people connecting devices to your network without you knowing it the risk is pretty low...

Quote from: viragomann on April 16, 2026, 08:23:28 PM
Also to find the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet no ARP entry is added on the router.
Not always :

A device can ask all other devices on the network "Who is <another device> ?" and in that case it can appear in the ARP/RARP Cache.
Also that Cache expires so maybe there hasn't been any communication in the last 300 seconds :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
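
Added example, not part of any post in this thread: one way to list hosts that are using an address DHCP did not hand out is to compare an ARP table with the Dnsmasq lease file; it only reports hosts that the machine holding that ARP table has actually exchanged traffic with. The `arp -an` line format and the lease file layout are assumptions about FreeBSD and Dnsmasq output, and the sample lines, MAC addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of FreeBSD `arp -an` output (assumed format).
# MAC addresses are from the 00:00:5e:00:53:xx documentation range.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:00:5e:00:53:01 on igb1 permanent [ethernet]
? (192.168.1.18) at 00:00:5e:00:53:18 on igb1 expires in 1142 seconds [ethernet]
? (192.168.1.50) at 00:00:5e:00:53:50 on igb1 expires in 877 seconds [ethernet]
? (192.168.1.77) at (incomplete) on igb1 expired [ethernet]
? (192.168.1.90) at 00:00:5e:00:53:90 on igb1 expires in 30 seconds [ethernet]
"""

# Constructed Dnsmasq lease lines: expiry epoch, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1776400000 00:00:5e:00:53:50 192.168.1.50 desktop 01:00:00:5e:00:53:50
1776400500 00:00:5e:00:53:aa 192.168.1.90 laptop *
"""

ARP_LINE = re.compile(
    r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>\S+) on (?P<ifc>\S+) (?P<state>.*)")

def parse_arp(text):
    """Return {ip: mac} for resolved, learned (non-permanent) ARP entries."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m or m["mac"] == "(incomplete)" or "permanent" in m["state"]:
            continue  # unresolved probe, or the firewall's own address
        seen[m["ip"]] = m["mac"].lower()
    return seen

def parse_leases(text):
    """Return {ip: mac} from Dnsmasq lease lines."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            leases[fields[2]] = fields[1].lower()
    return leases

def unleased_hosts(arp_text, lease_text):
    """List (ip, mac, reason) for hosts on the wire that DHCP did not configure."""
    leases = parse_leases(lease_text)
    findings = []
    for ip, mac in sorted(parse_arp(arp_text).items()):
        if ip not in leases:
            findings.append((ip, mac, "no lease"))
        elif leases[ip] != mac:  # a different device answers for a leased address
            findings.append((ip, mac, "lease held by " + leases[ip]))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in unleased_hosts(SAMPLE_ARP, SAMPLE_LEASES):
        print(f"{ip:15} {mac}  {reason}")
```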

Quote from: nero355 on April 16, 2026, 10:32:37 PM
As long as you don't have random people connecting devices to your network without you knowing it the risk is pretty low...
Yes I know I've practically zero risk. But that sidestepped my point that it feels like a security hole... I'm thinking of all the home users who have some router and firewall and don't know about devices that *could* be connecting to their network this way. Some elderly relatives come to mind. They're even fairly literate and technical, but without understanding they don't know what they don't know. They wouldn't even think to look. I wouldn't either, except I was curious whether it would show up in Dnsmasq leases since Dnsmasq had nothing to do with handing out the IP. I wasn't surprised it didn't show up, but that led me to wondering about devices like this in general... it was not hard to put it on my wifi with a prepopulated IP, given I know my wifi's password.

I'm not wondering about risk so much as not having (and not knowing I don't have) an upfront way of seeing everything that is connected, regardless of how it got there. Risk concerns obviously apply more to people who don't secure their routers, gave out the password a lot and never changed it, etc....

Quote from: nero355 on April 16, 2026, 10:32:37 PM
This is pretty much what you are looking for in OPNsense :
Quote
For the devices themselves, perhaps "Interfaces: Neighbors: Automatic Discovery"?
I didn't find my camera there though. That would be excellent if it were there but it hasn't shown up yet.

Quote from: nero355 on April 16, 2026, 10:32:37 PM
And if you happen to use Pi-Hole then you can use a built-in function that does something similar.
There are also projects like this one : https://github.com/netalertx/NetAlertX
Pick the one you like the most :)
I had looked at PiHole some time back and didn't need it. I'll look at it again. And I'll look at NetAlertX, thank you for the reference. Is there anything else that would be very simple for a home user to implement?

Quote from: nero355 on April 16, 2026, 10:32:37 PM
Quote
Also to find the IP in the ARP table presumes that the traffic is passed through OPNsense.
So for communications between devices within the same subnet no ARP entry is added on the router.
Not always :

A device can ask all other devices on the network "Who is <another device> ?" and in that case it can appear in the ARP/RARP Cache.
Also that Cache expires so maybe there hasn't been any communication in the last 300 seconds :)
The camera has been continually streaming its video to a browser open to its IP, but hasn't shown up in the ARP list.

There are tools like ntopng or netflow that give you the observability you'd like.

My (personal) recommendation for netflow is to use a dedicated off-firewall collector. I have no experience with ntopng.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on April 16, 2026, 11:17:26 PM
There are tools like ntopng or netflow that give you the observability you'd like.
I will take a look at these. Thanks.