    DHCP on bridged lan/wlan

    DHCP and DNS
    • iimre

      @sullrich:

      http://cvstrac.pfsense.com/tktview?tn=693

      Thank you for your answer. Probably I am misunderstanding something, but it doesn't work for me.
      What I did: LAN 10.0.0.0/27(fxp1) I gave OPT1 10.0.0.6/27(ath0 WEP enabled).
      Enabled DHCP server on OPT1 and assigned static reserves for clients. It doesn't work.
      If LAN is 10.0.0.0/27, OPT1 10.0.0.40/27, it works fine. But in this case I can't apply traffic shaping for OPT1 :(
      That's why I am trying to bridge the two.

      • sullrich

        Then you will most likely need to depend on an upstream dhcp server.

        • iimre

          I think, maybe I am wrong, that rule 303 blocks the DHCP requests. What is that? Can I switch it off somehow?

          ======================================== my logs ========================
          Dec 29 22:52:20 pf: 000084 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:20 pf: 000188 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:20 pf: 3. 093180 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:16 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:16 pf: 000134 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:16 pf: 115612 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:16 pf: 000144 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:16 pf: 1. 812786 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:14 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:14 pf: 000140 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:14 pf: 2. 185924 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:12 pf: 000162 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:12 pf: 3. 998962 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:08 pf: 000144 rule 303/0(match): block in on bridge0: fe80:19::204:23ff:fe94:78 > ff02:19::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:08 pf: 885276 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
          Dec 29 22:52:07 pf: 000080 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:07 pf: 000137 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:07 pf: 114143 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:07 pf: 000134 rule 303/0(match): block in on bridge0: :: > ff02:19::1:ff94:78: ICMP6, neighbor solicitation[|icmp6]
          Dec 29 22:52:07 pf: 040165 rule 303/0(match): block in on ath0: :: > ff02::1:ff94:78: ICMP6, neighbor solicitation[|icmp6]
          Dec 29 22:52:07 pf: 000183 rule 303/0(match): block in on bridge0: :: > ff02:19::16: HBH [|icmp6]
          Dec 29 22:52:07 pf: 3. 842633 rule 303/0(match): block in on ath0: :: > ff02::16: HBH [|icmp6]
          Dec 29 22:52:03 pf: 000081 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:03 pf: 000162 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
          Dec 29 22:52:03 pf: 15. 801391 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

          • sullrich

            Turn off block private networks and the bogon option under WAN.

            • iimre

              Thanks for your reply, but this didn't help :(
              Not to say that I wouldn't like to open the WAN for these kinds of private networks.
              The other question is how WAN comes into the picture when I bridge LAN and OPT1?
              Anyhow, I did it as an experiment and now I receive the following blocks:

              Dec 29 23:27:42 pf: 000078 rule 296/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
              Dec 29 23:27:42 pf: 000140 rule 296/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

              • sullrich

                Yes, the block on WAN is useless in this case, I misread before.

                Let me test this out.  I'll get back to you.

                • iimre

                  Thanks Scott, let me know if I can help with testing something.

                  • sullrich

                    Oddly enough this was not working for me but after I rebooted the client, it does work.

                    Not sure why you're having trouble, it works here.

                    • iimre

                      @sullrich:

                      Oddly enough this was not working for me but after I rebooted the client, it does work.

                      Not sure why you're having trouble, it works here.

                      O.K., with what settings?

                      • sullrich

                        OPT1(ATH0) bridged to WAN(SIS1)

                        • iimre

                          @sullrich:

                          OPT1(ATH0) bridged to WAN(SIS1)

                          … but what I want is to bridge OPT1(ATH0) to LAN(fxp1)...

                          • sullrich

                            That works as well.  I have both configurations here that I can restore.

                            Just restored a similar config and it's fine.

                            • iimre

                              That's good, in this case I've got hope to set it up finally  :)
                              But now I've got two lines repeated on the diag_logs_filter page:

                              Dec 30 21:54:50 pf: 000056 rule 141/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
                              Dec 30 21:54:50 pf: 000121 rule 141/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

                              I have rules that allow everything from OPT1 to LAN and vice versa.

                              • sullrich

                                Okay, in this case I bridged LAN to WAN.

                                Issue the following command from a shell:

                                update_file.sh /etc/inc/filter.inc && shutdown -r now

                                And let me know if it's fixed after reboot.

                                • iimre

                                  I've got the following result, what am I doing wrong?

                                  ##############
                                  $ update_file.sh /etc/inc/filter.inc && shutdown -r now
                                  Status: 404
                                  Content-type: text/html
                                  X-Powered-By: PHP/4.4.0

                                  No input file specified.
                                  trying to fetch latest /etc/inc/filter.inc
                                  Status: 404
                                  Content-type: text/html
                                  X-Powered-By: PHP/4.4.0

                                  No input file specified.
                                  ##############

                                  • sullrich

                                    Try replacing /etc/inc/filter.inc with http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/filter.inc?rev=1.575.2.54;content-type=text%2Fplain;only_with_tag=RELENG_1

                                    • iimre

                                      BINGO! Thanks Scott!
                                      This has done magic :)
                                      Will this modification in filter.inc be included in next release?

                                      • sullrich

                                        Yep.

                                        Thanks for testing!

                                        • iimre

                                          Life is not so easy.  :(

                                          Next morning, when I switched on my notebook, I didn't receive an IP address again.

                                          In the logs I found the following:
                                          #################
                                          Dec 31 07:46:31 pf: 000126 rule 316/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
                                          Dec 31 07:46:31 pf: 287219 rule 316/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
                                          Dec 31 07:46:30 pf: 000134 rule 316/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
                                          Dec 31 07:46:30 pf: 7. 386391 rule 316/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]

                                          #################

                                          The previous evening it was working fine.

                                          • sullrich

                                            Run pfctl -vvsa | grep 316

                                            What's the output of that?
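
Added example, not part of the original thread or of pfSense: a small parser for the filter-log lines posted above that reports which rule number dropped DHCP client broadcasts on which interface, and builds an anchored pattern for finding that rule in `pfctl -vvsr` output. pf numbers rules by position in the loaded ruleset, so the number to look up is the one in the most recent log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the filter logs posted in this thread.
SAMPLE_LOG = """\
Dec 29 22:52:20 pf: 000084 rule 303/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:20 pf: 000188 rule 303/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 29 22:52:16 pf: 1. 812786 rule 303/0(match): block in on ath0: fe80::204:23ff:fe94:78 > ff02::2: ICMP6, router solicitation, length 16
Dec 29 23:27:42 pf: 000078 rule 296/0(match): block in on ath0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 30 21:54:50 pf: 000121 rule 141/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
Dec 31 07:46:31 pf: 000126 rule 316/0(match): block in on bridge0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
"""

PF_LINE = re.compile(
    r"pf: .*?rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) "
    r"(?P<dir>in|out) on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+): (?P<info>.*)$"
)

def parse_pf_line(line):
    """Return the fields of one pf filter-log line, or None if it does not match."""
    m = PF_LINE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    # tcpdump-style IPv4 endpoints carry the port as a fifth dotted field, so a
    # DHCP client broadcast reads 0.0.0.0.68 > 255.255.255.255.67.
    rec["dhcp_client_broadcast"] = (
        rec["src"] == "0.0.0.0.68" and rec["dst"] == "255.255.255.255.67")
    return rec

def blocked_dhcp_by_rule(log_text):
    """Map each blocking rule number to the interfaces where it dropped DHCP."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_pf_line(line)
        if rec and rec["action"] == "block" and rec["dhcp_client_broadcast"]:
            hits[rec["rule"]].add(rec["iface"])
    return {rule: sorted(ifaces) for rule, ifaces in sorted(hits.items())}

def rule_lookup_pattern(rule):
    """grep -E pattern for one rule in `pfctl -vvsr` output, where each rule is
    printed as "@<number>"; a bare number also matches counters and addresses."""
    return rf"^@{rule}([^0-9]|$)"

if __name__ == "__main__":
    for rule, ifaces in blocked_dhcp_by_rule(SAMPLE_LOG).items():
        print(f"rule {rule}: DHCP blocked on {', '.join(ifaces)}; "
              f"pfctl -vvsr | grep -E '{rule_lookup_pattern(rule)}'")
```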
