Client DHCP issues with pfSense and Squid (Resolved)
-
Hi,
Firstly, if this has already been covered somewhere then sorry, I have tried searching for a solution but nothing seems to fit the problems I am having. This could be a Squid issue but as it directly relates to DHCP I have posted it here.
One of my clients has pfSense 1.2.2 setup as the firewall / proxy of all the workstations.
There are 3 servers
1. Windows Svr 2003 RC2 - File/Print, ADC, DNS(AD), DHCP(AD) - IP yyy.yyy.yyy.2
2. Windows Svr 2003 - SQL, ADC, DNS(AD) - IP yyy.yyy.yyy.9
3. Windows Svr 2000 - Exchange - IP yyy.yyy.yyy.7
The pfSense has 3 nics but the OPT1 interface is not connected.
Static WAN address with two CARP virtual IPs xxx.xxx.xxx.194 (static), xxx.xxx.xxx.196 (carp1) and xxx.xxx.xxx.197 (carp2)
The LAN interface is static with IP yyy.yyy.yyy.6
The issue that my client is seeing is this…..
Most of the time any network client requesting a DHCP assigned address is receiving the correct address from the Windows server yyy.yyy.yyy.2. Here and there some clients are being assigned addresses from the pfSense box on yyy.yyy.yyy.6.
This has been verified by looking at the network interface details on the Windows client machine. DHCP server is listed as yyy.yyy.yyy.6 and the DNS servers are assigned as web DNS's and not the two internal servers.
DHCP server is disabled on the pfSense box, as is DHCP relay.
The only installed package is Squid, installed from the packages menu. This was installed to block MSN traffic and certain websites.
This has me stumped to be honest and I can't find a way to disable the DHCP services at console level, I have not been using pfSense that long.
I also use a similar configuration with a Windows server as DHCP(AD) and pfSense as the firewall/gateway and this problem does not present itself, the only difference with my installation is that I don't use the squid package.
I have reinstalled and reconfigured (not from backup) pfSense on the original box and then installed and re-configured (not from backup) on an old Dell Optiplex workstation. The problem persists.
Any help or advice would be appreciated.
Regards
Andy Hodges
-
Does DHCP show as running under Status > Services?
How did you disable DHCP?
It should be disabled by unchecking "Enable DHCP server on LAN interface" and on the other tabs.
-
Hi,
Thanks for the reply.
I had turned off the DHCP server in the GUI and DHCP was not shown in the services tab.
I can state however that this issue is not with pfSense or Squid.
I have traced a mobile user whose laptop had the Alureon malware infection, this took over DHCP services on the network and happened to display the Gateway and DHCP server as being the pfSense box's LAN IP address. He happened to be at their head office today.
Whilst the following is OT it might just help someone.
In case anyone else has a similar issue here's how I traced it.
1. Disconnected servers and pfSense box from switch.
2. Connected laptop to master switch and it was assigned an IP (it shouldn't be)
3. Removed the 3 cascaded switches from the master and tried my laptop on each switch.
4. Laptop received an IP on switch #2.
5. In turn, removed each connection from switch #2 and repaired the laptop's network connection.
6. Repeat until no IP is received, plug in the last removed connection and re-test.
7. Trace that connection to the patch panel and find out whose connection that is.
8. Leave that user un-plugged and re-patch all the other cables.
9. Reinstate that perfectly working pfSense box and sleep peacefully :D
10. Can't sleep, have a user's machine to clean !!! DoH!!!
Thanks again
Andy Hodges
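
The symptom described in this thread (leases showing an unexpected DHCP server and external DNS servers) can also be checked for in captured DHCP replies. The following is an added example, not part of the original posts: it parses the UDP payload of a DHCP reply and flags a server identifier or DNS list that does not match what the network should hand out. The addresses, the `AUTHORIZED_DHCP` and `INTERNAL_DNS` sets, and the `build_reply` helper are constructed for illustration; capturing the traffic itself is assumed to happen elsewhere.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumptions (constructed addresses): one real DHCP server, two internal resolvers.
AUTHORIZED_DHCP = {"192.0.2.2"}
INTERNAL_DNS = {"192.0.2.2", "192.0.2.9"}

def parse_options(payload):
    """Return {option_code: raw_value} for a BOOTP/DHCP message (RFC 2131/2132)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def ips(raw):
    """Decode a packed list of IPv4 addresses, ignoring any trailing partial entry."""
    return [socket.inet_ntoa(raw[n:n + 4]) for n in range(0, len(raw) - len(raw) % 4, 4)]

def check_reply(payload):
    """Findings for a DHCPOFFER (2) or DHCPACK (5); an empty list means clean."""
    opts = parse_options(payload)
    if opts.get(53) not in (b"\x02", b"\x05"):      # option 53 = message type
        return []
    findings = []
    server = ips(opts.get(54, b""))                 # option 54 = server identifier
    if not server or server[0] not in AUTHORIZED_DHCP:
        findings.append("unauthorized-server:" + (server[0] if server else "missing"))
    foreign = [d for d in ips(opts.get(6, b"")) if d not in INTERNAL_DNS]  # option 6 = DNS
    if foreign:
        findings.append("foreign-dns:" + ",".join(foreign))
    return findings

def build_reply(server, dns, msg_type=2):
    """Build a minimal reply as constructed sample input (not a real capture)."""
    packed_dns = b"".join(socket.inet_aton(d) for d in dns)
    return (b"\x02\x01\x06\x00" + bytes(232) + MAGIC_COOKIE
            + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server)
            + bytes([6, len(packed_dns)]) + packed_dns + b"\xff")
```

A reply that names the firewall's LAN address as the DHCP server is flagged here because that address is not in the authorized set, which matches the situation in the thread where the DHCP server was disabled on that box.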