DHCP not working on OPT1
-
Your firewall rules on OPT1 don't allow DHCP traffic: when a system first issues a request for a DHCP leave it doesn't have an IP address so the source IP address of the request (typically 0.0.0.0) is not on OPT1 net. If you search the forums for (say) DHCP firewall rule you will probably turn up examples of suitable rules. After you adjust the rules you should reset firewall states (see Diagnostics -> States, click on Reset States tab).
You will probably see the DHCP requests in the firewall log (Status -> System Logs, click on Firewall tab). Once you have fixed the firewall rules you should see DHCP requests on OPT1 recorded in the DHCP log (Status -> System Logs, click on DHCP tab).
You still have superfluous firewall rules on LAN but I will have to post on that later (unless I'm beaten to it).
-
Still didn't have any luck with this. I even tried just limiting access on port 80 to a single ip on the same lan. i can't find any decent firewall rule examples. i haven't had this kind of issues with untangle and their firewall rules. maybe i am just missing something. if someone can give me one example of how to block one ip to another on the same lan it would help me figure out how to move forward. maybe i am just doing something wrong. it doesn't seem like rocket science. in this example i am trying to block all web traffic from 192.168.10.100 to 192.168.10.10. i reset the states and can still access the web server on 10.10.
-
Traffic between host on the same network doesn't pass trough the FW… you can even turn off your pfSense (or any other FW) and still access 192.168.10.10 from 192.168.10.100
-
Ok thanks. Any help with passing through dhcp and DNs examples. I never for that working after searching the forums I couldn't locate a rule example for that. Do I need to list the source ip as all zeros ?
-
OK, try this for the rule to allow DHCP:
_Firewal_l -> Rules, OPT1 tab, Protocol=UDP, Source=0.0.0.0, Port=68, Destination=255.255.255.255, Port=67, Gateway=* all other fields default value.
After adding the rule you probably have to reset firewall states; see Diagnostics -> States, click on Reset States tab, read the information and click on the Reset button.
Do you see any DHCP requests from OPT1 reported in the DHCP log? or firewall log?
-
no dice. nothing in the dhcp log or firewall log either. it's weird. the rule didn't give me an ip address. not sure what's up. thanks for the help.
-
Perhaps the problem is at a lower layer than firewall rules. Please paste the output of pfSense shell command```
/etc/rc.banner ; ifconfig; ps ax | grep dhc
so we can verify your OPT1 interface is in a suitable state and DHCP server is running. @newbieuser1234: > no dice. nothing in the dhcp log or firewall log either. What did you do on a system connected to OPT1 to provoke it to issue DHCP requests? -
I tried to execute the command from the webconfigurator via the command prompt tab, but it just returned the same input. I will try later today when I get access to the actual box. To enable DHCP for OPT1, I checked the "Enable DHCP server on OPT1 interface" in the DHCP server tab.
Surely there has to be a "how to" on how to enable dhcp and dns for another lan. It's weird that people haven't run into this before. I assume this is a common task when using this product. Thanks for your help.
-
Please attach screenshots of the: pfSense Dashboard (the main windows), Interfaces:OPT1, DHCP Server on OPT1
-
wan ip is redacted. thanks.
-
Did you notice the OPT1 interface statistics in the screenshots you posted?
If something is really sending DHCP requests to OPT1 then the interface statistics should show non-zero counts for bytes received and packets received.
The OPT1 interface status is UP suggesting it is connected to something that is proving carrier, but no data is arriving!
-
OPT1 doesn't appear to have auto-negotiated its speed and duplex either from the looks of his second screenshot. Speed and Duplex appears to be missing from his OPT1 interface page as well.
-
yeah i don't have the advanced option as i do in the lan interface.
-
This still isn't working. Can anyone provide a example rule set for how they have separate interfaces using dhcp and dns from pfsense? I can't imagine this is an unusual request. I am basically at a loss with this one.
-
This still isn't working.
What have you done to address the connectivity problem discussed earlier?
Can anyone provide a example rule set for how they have separate interfaces using dhcp and dns from pfsense?
Meddling with firewall rules won't do any good UNTIL you get data to arrive in pfSense over the interface.
-
maybe it's my nic. i will try a different one. i forgot about that issue. thank you
-
It's working! I installed a new nic in the PCI slot. I was using the onboard MB nic before for opt1. apparently it was crap. Thank you for all your assistance on helping me figure out it was a hardware issue.
