DHCRELAY Issues
-
Hi all,
I can't get dhcprelay in pfsense 2.0.1, configured in the web gui, to acknowledge the dhcp request. I have tried everything I can think of, first the firewall was blocking it, no problem, added an "allow any" rule on OPT1 for testing. DHCRELAY still doesn't report that it recieves the request, at this point I am just looking for pfsense to tell me it at least received the request and tried to forward it.
Anybody have it working?
I really would like to learn how to get the relay to work. Worst case, since this is just a home network/playground, I can bypass pfsense relay and run a direct dhcp server network line to the switch. The point of this is just to place my wifi on a separate subnet with it own domain prefix.
Thanks in advance.
-
Have you verified OPT1 is receiving DHCP requests to relay? (Packet capture or firewall log could verify.)
-
So as you suggested, I packet captured under full on OPT1 and I can see the multiple BOOTP/DHCP requests but dhcrelay doesn't reply. dhcreply is running in the process list and it set through the web gui to monitor OPT1 only and relay to dhcp server's ip. I must be missing something.
-
dhcrelay in itself doesn't reply. You're seeing the traffic ingress, so next check the egress interface to verify it's leaving, headed to the DHCP server. My guess is it is (as it's basically impossible to set it up wrong unless you're relaying to the wrong IP), and your DHCP server isn't responding. Usually that would be because it isn't configured with a scope on the relayed interface's subnet.
-
OK, I am getting some where now. You are correct the problem now lies with the dhcp server. So I tried opening udp ports 67 and 68 on that server incase it's firewall was blocking the relay, even though broadcast dhcp works, no dice. Is there anything special to do with dhcpd for receiving the unicast forward?
-
Shouldn't be anything you have to do on the DHCP server other than add a scope for that additional network.
-
Hmmmm… OK I have that set in my dhcpd.conf so some firewall rule on the server running dhcpd is blocking it from either sending or receiving the request. Thanks for all your help, I will have to continue to poke at this one.
Edit:
Got it to work, not exactly quite sure how yet. I did end up changing the listening ethernet port as 2 of 4 are on the same subnet/switch and deleting the dhcp ports firewall rule and it just started working. Thanks again for the help and direction.