DHCP Copy-Machine
-
We have found the following problem:
- if you have a dhcp-server sitting behind a pfsense with dhcp-relaying enabled, the pakets incomming to WAN going to the dhcp-server are also relayed to the configured dhcp-servers.
example:
wan: 192.168.2.2
lan: 192.168.1.0/24
dhcp-server 192.168.1.5
dhcp-relay 192.168.3.1/ 192.168.3.2incoming [dhcp for 192.168.1.5] –> WAN --> dhcp-sever and also relayed to 192.168.3.1 / 192.168.3.2
The only option to stop flooding with dhcp-request is to change the dhcrelay-options:
dhcrelay -D -a -m discard -i eth0 eth1 192.168.3.1 192.168.3.2This seems to work for us, if a circuit-id is set in the incomming dhcp-paket. As the dhcprelay is started within /etc/inc/services.inc 1842 we modified that line.
Any other ideas or thoughts on this ?
-
huh??
So your using pfsense as a internal router/firewall and its not doing nat?
-
Yes, we are not using NAT. I think most users use NAT (SOHO).
If you are using a firewall in a larger environment this is the case.
Therefore it would be a good idea to make the dhcp-relay options available. -
dhcp relay is an option..
as to this?
"the pakets incomming to WAN going to the dhcp-server are also relayed to the configured dhcp-servers."Not unless you enable relay on your pfsense wan interface..
I would suggest you draw up your network.. If you were using pfsense as a downstream network router why would there be dhcp requests on the tranist network connecting pfsense to your upstream router?
If your pfsense wan is 192.168.2 – how would dhcp requests for 192.168.1 network be coming into wan?
So your relay your dhcp across your 192.168.2 transit to 192.168.2.2?? On its way to 192.168.1.5?