DHCP on bridged lan/wlan

usk

When you bridge LAN and WLAN(opt2) then the DHCP tab for WLAN isn't there any more i.e. I can only setup DHCP for the LAN.
I havent had time to test on 0.92 yet.

iimre

Hi,
Have you managed to solve this problem?
I'm now faceing the same problem  (PFS 1.0-BETA1), and looking for a solution.

sullrich

http://cvstrac.pfsense.com/tktview?tn=693

iimre

@sullrich:

http://cvstrac.pfsense.com/tktview?tn=693

Thank you for your answer. Probably I am misunderstanding something, but it doesn't work for me.
What I did: LAN 10.0.0.0/27(fxp1) I gave OPT1 10.0.0.6/27(ath0 WEP enabled).
Enabled DHCP server on OPT1 and assigned static reserves for clients. It doesn't work.
If LAN is 10.0.0.0/27 , OPT1 10.0.0.40/27 it works fine. But in this case a can't apply traffic shapeing for OPT1 :(
That's why I am trying to bridge the two.

sullrich

Then you will most likely need to depend on an upstream dhcp server.

iimre

I think, maybe I am wrong, that the rule 303 blocks the dhcp requests, what is that? Can I switch it off somehow?

======================================== my logs ========================
Dec 29 22:52:20 pf: 000084 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:20 pf: 000188 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:20 pf: 3. 093180 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:16 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:16 pf: 000134 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:16 pf: 115612 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:16 pf: 000144 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
Dec 29 22:52:16 pf: 1. 812786 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
Dec 29 22:52:14 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:14 pf: 000140 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:14 pf: 2. 185924 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:12 pf: 000162 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
Dec 29 22:52:12 pf: 3. 998962 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
Dec 29 22:52:08 pf: 000144 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
Dec 29 22:52:08 pf: 885276 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
Dec 29 22:52:07 pf: 000080 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:07 pf: 000137 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:07 pf: 114143 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:07 pf: 000134 rule 303/0(match): block in on bridge0: :: > ff02:19::1:ff94:78: ICMP6, neighbor solicitation[|icmp6]
Dec 29 22:52:07 pf: 040165 rule 303/0(match): block in on ath0: :: > ff02::1:ff94:78: ICMP6, neighbor solicitation[|icmp6]
Dec 29 22:52:07 pf: 000183 rule 303/0(match): block in on bridge0: :: > ff02:19::16: HBH [|icmp6]
Dec 29 22:52:07 pf: 3. 842633 rule 303/0(match): block in on ath0: :: > ff02::16: HBH [|icmp6]
Dec 29 22:52:03 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:03 pf: 000162 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:03 pf: 15. 801391 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

sullrich

Turn off block private networks and the bogon option under WAN.

iimre

Thanks for your reply but this didn't help :(
Not to say that I wouldn't like to open the WAN for these kind of private networks.
The other question is that how comes WAN in the picture, when I bridge LAN and OPT1?
Anyhow I did for experience and now I receive the following blocks:

Dec 29 23:27:42 pf: 000078 rule 296/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 23:27:42 pf: 000140 rule 296/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

sullrich

Yes, the block on WAN is useless in this case, I misread before.

Let me test this out.  I'll get back to you.

iimre

Thanks Scott, let me know if I can help with testing something.

sullrich

Oddly enough this was not working for me but after I rebooted the client, it does work.

Not sure why you're having trouble, it works here.

iimre

@sullrich:

Oddly enough this was not working for me but after I rebooted the client, it does work.

Not sure why you're having trouble, it works here.

O.K.  with what  settings?

sullrich

OPT1(ATH0) bridged to WAN(SIS1)

iimre

@sullrich:

OPT1(ATH0) bridged to WAN(SIS1)

… but what I want is to bridge OPT1(ATH0) to LAN(fxp1)...

sullrich

That works as well.  I have both configurations here that I can restore.

Just restored a similar config and its fine.

iimre

That's good, in this case I've got hope to set it up finally  :)
But now I've got two lines repeated on the diag_logs_filter page:

Dec 30 21:54:50 pf: 000056 rule 141/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 30 21:54:50 pf: 000121 rule 141/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

I have rules allow everything from OPT1 to LAN and vice versa.

sullrich

Okay, in this case I bridged LAN to WAN.

Issue the following command from a shell:

update_file.sh /etc/inc/filter.inc && shutdown -r now

And let me know if its fixed after reboot.

iimre

I've got the following result, what do I wrong?

##############
$ update_file.sh /etc/inc/filter.inc && shutdown -r now
Status: 404
Content-type: text/html
X-Powered-By: PHP/4.4.0

No input file specified.
trying to fetch latest /etc/inc/filter.inc
Status: 404
Content-type: text/html
X-Powered-By: PHP/4.4.0

No input file specified.
##############

sullrich

Try replacing /etc/inc/filter.inc with http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/filter.inc?rev=1.575.2.54;content-type=text%2Fplain;only_with_tag=RELENG_1

iimre

BINGO! Thanks Scott!
This has done magic :)
Will this modification in filter.inc be included in next release?