Netgate Discussion Forum

    1 WAN quad LAN

    DHCP and DNS
    • J
      jasonlitka
      last edited by

      DHCP only broadcasts on the local subnet.  If you are trying to use DHCP on a network without a DHCP server then you'll need a DHCP relay.

      Go to "Service > DHCP Relay".  Select the tab for your OPT interface.  Check the box at the top, type in the IP of your DHCP server on your LAN in the box at the bottom, and then click "Save".  Make sure you've got a scope defined for that network on your DHCP server.

      I can break anything.

      • T
        Tagnard
        last edited by

        I have a DHCP server on the LAN, but I want to have the same DHCP on all the ports like any modern broadband router, except that I'm in control of it.

        When I try to activate the DHCP Relay it tells me this:
        DHCP Server is currently enabled. Cannot enable the DHCP Relay service while the DHCP Server is enabled on any interface.

        So that option didn't work.

        • W
          wallabybob
          last edited by

          You need to add firewall rules for each interface bridged to LAN to allow DHCP traffic. (From web GUI, Firewall -> Rules, click on the appropriate interface tabs).

          I've used the following two rules:

          Proto = UDP, Source = *, port = 68, destination = 255.255.255.255, port = 67, gateway = *
          Proto = UDP, Source = *, port = 68, destination = LAN address, port = 67, gateway = *

          You don't need DHCP relay unless the pfSense box is passing DHCP requests to another subnet (which doesn't appear to be the case here). It would appear you want the pfSense box to be the DHCP server but I don't think you have explicitly stated that.

          • T
            Tagnard
            last edited by

            I can't get it to work. I log the rules and I don't see anything in the logs.
            So I thought I was stupid, so I tried all the ports, but none give me an IP except LAN.

            • W
              wallabybob
              last edited by

              Just checking: You have LAN, OPT1, OPT2 and OPT3. OPT1 and OPT2 and OPT3 are bridged to LAN. You have those rules on each of OPT1, OPT2 and OPT3. DHCP server is enabled on LAN. There is no sign of a DHCP request in the DHCP Server log (from web GUI Status -> System Logs, click on DHCP tab). There is no sign of a DHCP request in the firewall log (Status -> System Logs, click on Firewall tab).

              If all the above is true then I suspect DHCP requests are not getting to your system. You should try a packet capture on one of your interfaces, for example, on the console

              tcpdump -i em0 port 67

              should show any DHCP traffic appearing on interface em0.

              You should also check DHCP server is running: on the console type

              ps ax | grep dhcpd

              • T
                Tagnard
                last edited by

                Every OPT is bridged, ruled, and when I tcpdump I see the DHCP traffic but I can't see it in the logs, so my router machine is not getting the packets for some odd reason.

                dhcpd is running.

                • W
                  wallabybob
                  last edited by

                  In tcpdump do you see incoming traffic and replies?

                  In the incoming DHCP traffic what is the destination IP address? If it's not the broadcast address (255.255.255.255), what address is it? (DHCP client implementations will often try to get an IP address from the IP address which last gave them an IP address. Maybe that address is no longer the address of a DHCP server.)

                  • T
                    Tagnard
                    last edited by

                    I see all the requests but no replies.

                    tcpdump

                    # tcpdump -i em0 port 67
                    tcpdump: WARNING: em0: no IPv4 address assigned
                    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                    listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
                    02:26:48.667774 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    02:26:52.667642 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    02:27:00.667368 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    02:27:46.001297 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    02:27:50.001526 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    02:27:57.001253 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                    
                    

                    router.tagnard.net is 10.0.0.254

                    • W
                      wallabybob
                      last edited by

                      Your DHCP trace suggests to me that the system already knows its IP address (10.0.0.100) and so it's probably requesting a DHCP lease renewal from router.tagnard.net. In contrast, a system that didn't know its IP address and was looking for a system to assign it an address would be sending from 0.0.0.0 to 255.255.255.255.

                      I don't know the history of your configuration. Perhaps 10.0.0.254 was previously used by another system which also acted as DHCP server. I don't know if the pfSense DHCP server would log a request to renew a DHCP lease it knew nothing about.

                      The note on the page displayed by the web GUI at Diagnostics -> States, click on Reset states tab, suggests that it's probably worthwhile to reset states every time you fiddle with the firewall rules.

                      Suggestion: Halt the computer sending the DHCP requests. Restart the pfSense box. Start the tcpdump trace. Then start the PC. Then post the trace here, either the first 8 entries or the first five minutes' worth (after the first entry).

                      1 Reply Last reply Reply Quote 0
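
The distinction drawn in the reply above (unicast renewal from a known address versus a broadcast from 0.0.0.0), as an added example that is not part of the original thread: a small parser for one-line tcpdump DHCP output that reports clients repeatedly asking a specific server that never answers. The function names, the threshold of 3 and the last sample line are assumptions made for this illustration.

```python
import re
from collections import Counter

# One-line tcpdump format for BOOTP/DHCP, matching the capture posted in this thread.
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>\S+)\.(?:bootpc|bootps|67|68) > "
    r"(?P<dst>\S+)\.(?:bootpc|bootps|67|68): BOOTP/DHCP, "
    r"(?P<kind>Request|Reply)(?: from (?P<mac>[0-9a-f:]{17}))?"
)
BROADCAST = "255.255.255.255"

# First three lines are from the thread; the last is constructed (made-up MAC).
SAMPLE = [
    "02:26:48.667774 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307",
    "02:26:52.667642 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307",
    "02:27:00.667368 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307",
    "02:30:01.000000 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 02:00:00:00:00:01 (oui Unknown), length 300",
]

def classify(line):
    """Return (kind, peer, mac); peer is the server asked, or the one answering."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m["kind"] == "Reply":
        return ("reply", m["src"], None)
    # Broadcast: the client is looking for any server. Unicast: the client
    # already has an address and is renewing with the server it remembers.
    kind = "broadcast" if m["dst"] == BROADCAST else "unicast"
    return (kind, m["dst"], m["mac"])

def unanswered_unicast(lines, threshold=3):
    """(mac, server, count) for unicast requests to a server that never replied."""
    asked, answered = Counter(), set()
    for kind, peer, mac in filter(None, map(classify, lines)):
        if kind == "reply":
            answered.add(peer)
        elif kind == "unicast":
            asked[(mac, peer)] += 1
    return [(mac, srv, n) for (mac, srv), n in asked.items()
            if n >= threshold and srv not in answered]

if __name__ == "__main__":
    for mac, srv, n in unanswered_unicast(SAMPLE):
        print(f"{mac}: {n} unicast requests to {srv}, no reply seen")
```
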
                      • T
                        Tagnard
                        last edited by

                        You may be absolutely right. The "backup" firewall I'm running right now is a clone of the one I'm fixing now, and I have used it to access the internet to read your replies.

                        When I reset the states and /release - /renew I get an IP without problem.

                        • T
                          Tagnard
                          last edited by

                          Now I have another strange problem. When I disconnect the cable from LAN I don't get any IP from DHCP on any of the other 4 ports.

                          Is there a way to fix this or is it a bug?

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.